
Fatdcuk

Staff
  • Content Count

    20,723
  • Joined

Posts posted by Fatdcuk

  1. Wrong Forum to be posting about IObit :rolleyes:

    Respectfully ask that Admin close this thread

    In light of this and other requests earlier in the topic, there is no real reason to allow this topic to continue since it has now run its course.

    Update* IObit Malware Fighter Should Launch Soon Now! :)

    -------------------------------------------------------------------------

    Check out the forum: IObit Malware Fighter Beta

    I know many people don't like the IObit company here, but you can always give it a try when the program is released. ;)

    I have borked your link to their Beta software as I find it is in bad taste to allow promoting of the application who once violated my client's application database :lol:

  2. Hi whatmeworry?,

    Yes, might be an idea to reinstall to see if you have an issue or whether it is just Scotty running interference.

    Uninstall MBAM and then restart the computer.

    Download a fresh copy of the installer either (1.46 or 1.5 Beta)

    Install the application and allow any alerts that Scotty makes. Restart the computer again when the application asks you to.

    Next, try to update the MBAM database via the software to see if your issue is occurring anymore.

    Once checked then open up Scotty and disable the MBAM run key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Malwarebytes' Anti-Malware


    Thanks in advance :)

  3. Hello whatmeworry?

    As long as you do not allow the MBAM installer to set a run once load value (on reboot), it will fail to install correctly.

    This run once load value has nothing to do with the core application starting when Windows loads and everything to do with the installer completing its task (hence why it is only a run once variable).

    WinPatrol will alert to both start values as they are written to the registry. You need to allow the installer to complete its task on reboot, so that value has to be allowed.

    Being a big fan of "Scotty", then also not sure if you know, but when you deny a start value being written to the registry he will also attempt to block the process that is attempting to make the write. This will also break stuff (both bad but also, in this case, legitimate = our installer).

  4. Well they were torrent sites. 1 was thepiratebay.org and the other was on h33t.com I could just upload these keygens to this forum if you wish me to.

    Hello,

    If you are going to be submitting keygens/source data for pirated/cracked versions, please do so in a private message to a Moderator or forum Administrator.

    We do not want this data to appear in the public view at our forum to both protect our business model and also prevent the curious from wandering onto the darker side of the net.

    Thanks for your understanding on this :)

    I am going to lock this topic as there is no more discussion to be found with regards to methods of submitting this type of data to the company.

  5. Hi WawaSeb,

    MBAM is not an antivirus and cannot break/disinfect appended virus code (file infectors such as Virut/Scribble, Parite, Sality).

    Our principal means of disinfection is by file deletion and removal of loading points.

    That said the protection module can block pure body file infector installers in realtime if we have already added detection for those files :D

    Slightly away from your question with regards to MBAM's ability, but with relevance to file infectors.

    I am from the school of thought that says although you can always recover a system from the grips of this type of infection, the disinfected files are no longer in their original state.

    At this point it is always best to migrate critical data and then completely reinstall the OS/applications to restore the original integrity of the system.

    Wow, and thanks everybody for the birthday wishes :excl:

    I'm spending my day doing what I enjoy most (kicking malware butt :D)

    So here's introducing an unusual UK workplace tradition that I could never understand; the presents are meant to be coming to me.... :)

    Cakes are on me folks :blush:


    Have a great day everybody!

    You're most welcome,

    Here's some handy reading, the Prevention page, with lots of info and tips on how to prevent this in the future.

    And if you want to improve speed/system performance after malware removal, take a look here.

    Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

    We hope our application has helped you eradicate this malicious Malware.

    If your current anti-virus solution let this infection through please consider purchasing the PRO version of Malwarebytes' Anti-Malware for additional protection against these types of malware.

    Safe surfing :D

  8. Hi ya,

    No file was fetched by the capture so hopefully it is an orphaned load value pointing to a file that is no longer on disk.

    Please open HJT and this time place check/ticks against the following lines only.

    R3 - URLSearchHook: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
    O2 - BHO: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
    O3 - Toolbar: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
    O4 - HKCU\..\Run: [fttuzrpx] rundll32 "C:\Users\Arjun Venkatesh\AppData\Roaming\KBDFO8.dll",QMCJS

    Select fix check and then reboot the computer.

    After rebooting please generate a new HJT log and attach to a reply :D

    Thanks in advance.

  9. Hi,

    MBAM is still flagging the attached file so perhaps maybe you have quarantined it or manually deleted it.

    17:23:43 (null) DETECTION C:\Documents and Settings\User\My Documents\Malware Samples\sshnas21.dll Trojan.Downloader QUARANTINE
    17:23:43 (null) DETECTION C:\Documents and Settings\User\My Documents\Malware Samples\sshnas21.dll Trojan.Downloader DENY

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4385

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    03/08/2010 17:25:05
    mbam-log-2010-08-03 (17-25-05).txt

    Scan type: Quick scan
    Objects scanned: 2
    Time elapsed: 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\User\My Documents\Malware Samples\sshnas21\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

  10. Hi creatifica,

    You need to send this file to Norton so they can add it to their DB of malicious code :)

    This is not a F/P, and in no way should anyone be benchmarking that because their AV doesn't flag a file it means it cannot be malicious.

    There is always the risk as in this case it is a malicious file and Norton just did not know it yet...

  11. Hi,

    I have just registered the attached .dll and ran a quick scan. This is my output log from the quick test :)

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4314

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    14/07/2010 21:36:09
    mbam-log-2010-07-14 (21-36-09).txt

    Scan type: Quick scan
    Objects scanned: 114455
    Time elapsed: 1 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{73129582-1d7a-4c50-a0d5-587ed7755199} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{85790a84-d74d-49b3-b3f5-0b1ff7b11f9c} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\User\My Documents\Malware Samples\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.

  12. Hi Tarantula,

    I am currently dealing with this install and the fallout from it :D

    Edit:

    Currently we are removing the homepage hijack placed by the Adware LoudMo component and resetting it back to the Google homepage.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://flvdirect.iamwired.net/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

    Can you check to see if it's the change to the Google homepage that is triggering your alert, and also did you reboot the computer after the MBAM scan in order for the application to delete the active files?

  13. Hi MAM,

    They are not False Positives :)

    The files are being flagged in system restore.

    Quick scan does not scan system restore where as a full scan does :)

    They are probably copies of files you gave to me a while back at the research center that have been copied by System Restore (as with legitimate files backed up).
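The scan logs quoted in posts 9 and 11 above follow one fixed layout: header fields, a block of "... Infected: N" summary counts, then one detail section per category that either lists detections or reads "(No malicious items detected)". The parser below is an added example, not code from the forum or from Malwarebytes; it reads that layout and cross-checks the summary counts against the listed entries, which is the sanity check a responder wants before trusting a log pasted into a thread. The sample log is constructed in the same layout with made-up paths and threat names.

```python
import re

# Constructed sample in the MBAM 1.46 log layout; paths and threat names are made up.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4385
Scan type: Quick scan
Objects scanned: 2

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\example.band (Adware.Sample) -> Quarantined and deleted successfully.

Files Infected:
C:\Samples\example.dll (Trojan.Sample) -> Quarantined and deleted successfully.
"""

# Detail line shape: item (threat name) -> action taken; the threat name has no parentheses
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (header fields, summary counts, per-section detection dicts)."""
    header, counts, sections = {}, {}, {}
    current = None  # name of the detail section being read, if any
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):            # e.g. "Files Infected:" opens a detail section
            current = line[:-1]
            sections[current] = []
        elif current is not None:          # inside a detail section
            m = DETECTION.match(line)      # "(No malicious items detected)" does not match
            if m:
                sections[current].append(m.groupdict())
        elif ": " in line:                 # header field or summary count
            key, value = line.split(": ", 1)
            if key.endswith(" Infected"):
                counts[key] = int(value)
            else:
                header[key] = value
    return header, counts, sections

def count_mismatches(counts, sections):
    """Sections whose listed entries disagree with the summary count (edited or truncated log)."""
    return {k: v for k, v in counts.items() if len(sections.get(k, [])) != v}
```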
