
DCross

Members
  • Posts: 16

Everything posted by DCross

  1. Good to hear that it's an FP. Thanks.
  2. Like other users I ran a full scan today and had a bitsadmin.exe file in c:\Windows\winsxs flagged as Trojan.FakeMS. Is this a false positive? The fact that the file in question is dated 2009 on my computer leads me to think that it might be (as does the fact that a quick scan earlier today and a full scan last night didn't detect any problems). Results of scan in developer mode attached. (Apologies if I should have posted this to the post below, but the instructions said don't reply to other users' posts so I wasn't sure.) mbam_log_2011_01_04__18_42_35_.zip
  3. Thanks, that seems to have done the trick. As I say, Avast has never had a problem with Mbam before on my computer, but I guess that both programs are constantly changing in terms of what's picked up as a threat and what isn't.
  4. I ran an Mbam scan after downloading the latest update and just after the scan was complete I got a warning from Avast telling me that a suspicious file had been detected (using a heuristic method). The file in question was C:\Windows\system32\drivers\mbamswissarmy.sys (hidden services) which as far as I can gather is an integral component of the real time version of Mbam. I've had Mbam and Avast 4.8 functioning in harmony for quite a while now and this is the first time this detection has happened. Is this due to some new process being added to Mbam, and am I right in thinking that I should just tell Avast to ignore all such detections in future?
  5. Thanks DragonMaster Jay. I hadn't realised that NoScript could be used to block certain scripts from running on a page whilst allowing others (my previous impression was that it was an all or nothing thing where you either blocked or allowed everything for a particular site). I had been browsing with Javascript switched off and just switching it back on when I was on certain sites; but this is much better.
  6. Sorry if this is a bit of a brainless question, but does NoScript offer many benefits over just disabling Javascript in the Firefox internet options menu? When I turn off Javascript it seems to prevent any Flash, Silverlight et al features from loading, so I just assumed they all needed Javascript enabled to run. Is NoScript more complete in its blocking of these things or just more convenient? Also, I am currently running a combination of Avast Antivirus (free version), Comodo Firewall with Defence+ (free version), Malwarebytes (full version) and Windows Defender. Is this enough in terms of security for a computer that's used for daily online browsing and semi-frequent Paypal transactions? I don't use any filesharing/p2p applications and try to be as careful as I can about which sites I visit, but there have been occasions when I've inadvertently ended up on some infectious looking webpages; and the seemingly ever increasing nastiness of malware does make one a bit paranoid.
  7. Thanks for looking into this. I've deleted the file and will keep an eye out for any suspicious activity going on on my PC (though none of the other security programs I use are picking anything else up). I quarantined the file without thinking to first look at the properties so I've no idea how long it's been there, but it sounds like it's been present on at least one person's computer for a very long time without incident, so hopefully it's just a relatively harmless anomaly. If it is indicative of some kind of mishap having occurred during the installation of the drivers for my printer it might explain why I've had so many problems with the printer in question.
  8. A couple of people here http://www.malwarebytes.org/forums/index.php?showtopic=32463 seem to have found some kind of association with hp printers (which I also have). This thing wasn't picked up on my computer until yesterday's scan and I haven't had a malware infection for almost a year (and even that may have been a false positive - I didn't know about the existence of this forum at the time). Neither Malwarebytes, Avast Antivirus, Windows Defender or Comodo Defence plus seem to be picking up anything else untoward going on, so I seem to be otherwise clear. It's very peculiar.
  9. After upgrading to the full version of Malwarebytes last night the first quick scan I ran earlier today picked up autorun.inf in System 32 as a malware.trace. Not certain what I was dealing with I quarantined it and then restored it when I returned home from work in order to scan in Developer mode in safe mode (log attached). The infection wasn't detected in Developer Mode so I ran another Quick Scan (log attached) which did detect and quarantine it once again. From what I could gather from googling system32\autorun.inf this would seem to be a very suspicious sort of file; however, Malwarebytes hasn't detected any other malware so I'm not quite sure how to proceed. Am I dealing with a false positive or a real piece of malware? The last clean scan I ran (using my old free version of mbam) took place at 7pm last night and so I can only assume that if it is malware I either picked it up from the web browsing I did last night (no downloading apart from the malwarebytes upgrade) or it was something that I've had for a while that the free copy of mbam wasn't picking up. Either way any advice on how to proceed would be very welcome. mbam_log_2009_12_02__19_39_49____developermodescan.txt mbam_log_2009_12_02__19_44_34____quickscan.txt
  10. Thanks for the quick replies. I can't find much information on how Windows Security Essentials compares to Avast, so I'm not eager to replace my antivirus just yet. Is the Security Essentials anti-spyware component significantly better than Defender? My parents' computer is currently running Spybot Search and Destroy, but, as was mentioned, it really does slow the system down, so I think that one's probably out. Anyway, having noticed that the Malwarebytes full version requires a one-off payment that can be made using Paypal rather than a subscription (the main thing that deters me from paying for security software) I think I might purchase that for real time protection. exile360 would you recommend using HostsMan in addition to the IP blocking facility available in the mbam paid edition?
  11. This morning I was forced to uninstall my starter edition copy of Spyware Doctor 6 after receiving an error message on start-up and each subsequent time I tried to open the program. I planned to just reinstall it from CNET or the PCTools site, but found that the starter edition was no longer available there (there was a free edition, but it appears that this version does not actually remove the malware it detects). Now, there is, I think, a starter edition with anti-virus available with Google toolbar, but as I'm happy with Avast I'd rather not install it. Are there any other reputable free programs that offer real-time anti-malware protection? I'm currently running Avast antivirus, Windows Defender, and Comodo Firewall with Defence+ in real time and perform regular scans with Malwarebytes, but I'm not sure if this is enough or not.
  12. Thanks for the quick response. I've posted the log to the False Positives board, so hopefully it'll turn out to be something and nothing.
  13. This infection was found on two different computers (in full scan mode only) in the same residence earlier today and we suspect that it may be a false positive. Please find logfile from developer mode attached. mbam_log_2009_09_15__17_46_36_.txt
  14. This morning I ran a full scan and found two infections listed as Spyware.Banker (I've been running one quick scan a day for the last week and have not found any infections until now). I removed them, rebooted, ran two more full scans (one in safe mode) that reported no further infection. I assumed at first that the infection had been the result of accidentally clicking on a piece of spam mail received to my gmail account; however, a subsequent full scan run on my parents' computer revealed an identical infection there (a quick scan conducted immediately prior to this did not reveal any infection). As we don't tend to visit the same websites I found it quite odd that we should get the same malware infestation at the same time and wondered if it was perhaps a false positive (in which case I've deleted two .exe files I shouldn't have from Packard Bell's) or if it's just something that's very common at the moment. If the latter is the case then I'm worried that the infection has been there for several days, undetected by the quick scans, and that a major security breach may have taken place without our knowledge. I've copied and pasted the relevant Mbam log below and would appreciate any further information anybody can provide.

      Malwarebytes' Anti-Malware 1.41
      Database version: 2801
      Windows 6.0.6002 Service Pack 2

      15/09/2009 12:07:38
      mbam-log-2009-09-15 (12-07-38).txt

      Scan type: Full Scan (C:\|)
      Objects scanned: 240144
      Time elapsed: 1 hour(s), 6 minute(s), 18 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Program Files\Packard Bell\Recovery DVD Creator\mountlbl.exe (Spyware.Banker) -> Quarantined and deleted successfully.
      C:\Program Files\Packard Bell\Smart Restore\mountlbl.exe (Spyware.Banker) -> Quarantined and deleted successfully.