exile360

Experts
  • Posts: 31,301
  • Days Won: 41

Everything posted by exile360

  1. Sure, that's possible if the program is made to self uninstall after a certain date/time etc., but not likely as most of the time they're designed to steal as much info as possible because what if the keylogger gets your gmail password, then deletes itself, but the very next day you log into your bank? With the keylogger gone your bank account's safe, but your email is compromised. To most hackers, that banking info would be far more precious, so the longer the keylogger is on your system, the more likely it is to steal something useful.
  2. If you post in the thread you created in the Malwarebytes HJT forum with the symptoms, the expert who is working your case will assist you. If you haven't created a thread there yet and can't upload the logs because of your current bootloop issue, then simply post there with a reference back to this thread so they can see what's going on and help you get it going.
  3. Greetings and welcome to the forum. To get you fixed up please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. Good luck and safe surfing.
  4. Perhaps slightly unrelated, but based on your 3 criteria listed here that identify an app as rogue, then both Webroot SpySweeper and PCTools SpywareDoctor are rogues.
  5. It was probably just a bad connection to the server causing the database to be corrupted. Hopefully you won't encounter this error again.
  6. Hello and welcome to the forum. To get help, please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 One of the experts will assist you with cleaning up your PC and getting it in working order. Please make sure you don't run any other tools or scanners without the direct instructions of the expert who assists you as this can actually make their job more difficult. I hope I was helpful. Good luck and safe surfing.
  7. Yeah, FP's happen, that's the trade-off with heuristics, but from what I've seen with MBAM so far, as long as you use the quarantine function and update often (and of course report an FP if you believe you've found one), you're relatively safe with MBAM. Marcin and crew are fairly quick at fixing FP's and MBAM has an excellent detection and removal rate of actual infections, some of which are so nasty that other antimalware apps can't even touch them, if they even detect them. And I only use Adaware SE now (have to manually download definition updates through my browser), because I refuse to install 07 or 08 because of the background service you can't get rid of even when using the free version as an on-demand scanner.
  8. No kidding, in fact, as I recall aren't these apps often downloaded and installed by trojans like zlob, vundo/virtumonde, and fakealert and once installed they tell you about the trojan and then ask you to pay for their software so you can remove it? If I'm right then even if it does remove the infections after purchase then you are probably paying the makers of the trojans for software made to remove the trojan. It's like your doctor infecting you with a disease deliberately just to sell you a cure. Not only that, but most often these rogues detect hundreds of infections that aren't even there and after I finish cleaning out the infections on such a system (including the rogue app), I can look back at my logs/detections and see that the only detections the rogue identified accurately were the trojan(s) that downloaded the rogue in the first place (and sometimes the keylogger they installed on your system to snag your info and credit card numbers in case you don't decide to pay them).
  9. Hey, I understand what he meant, it is a somewhat unfamiliar tool to them and they don't want some novice user in here seeing the references to an unknown software and thinking that Malwarebytes endorses its use when, for all AdvancedSetup knows, it could end up hosing that novice user's PC. Just a cautious warning to make sure users know what they're getting into, I'm sure.
  10. Hello and welcome to the forum. To get help, please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 One of the experts will assist you with cleaning up your PC and getting it in working order. Please make sure you don't run any other tools or scanners without the direct instructions of the expert who assists you as this can actually make their job more difficult. I hope I was helpful. Good luck and safe surfing.
  11. Hello and welcome to the forum. To get help, please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7 One of the experts will assist you with cleaning up your PC and getting it in working order. Please make sure you don't run any other tools or scanners without the direct instructions of the expert who assists you as this can actually make their job more difficult. And by the way, their assistance is free of charge. I hope I was helpful. Good luck and safe surfing.
  12. I definitely appreciate it, I've been waiting a long time for this. One thing that would probably be necessary is installing its drivers automatically when the program runs and having them run from the location of the program itself instead of the System32 folder. That's how SAS seems to work and it does run portably. Of course there could be some differences that I am unaware of that would make this impossible so I won't hold my breath. Thanks for giving it a try either way.
  13. Yeah, it's safe, it's actually made by Kaspersky. btw, checked out the English help file you linked to and found the command line options. Thank you SO MUCH for this. I greatly appreciate it.
  14. As the topic states above, does anyone here know the command line options/switches for AVZ? I've seen it used a few times in malware removals and I figured someone here might know the options as the newest version (4.30) only includes a Russian help file. This may not be the right forum to ask but I couldn't find an English forum for this tool. Thanks in advance.
  15. It is possible that a trojan/keylogger got in when you hit that site. Your system does not store lists of previously typed keystrokes so you only need to worry about private information/passwords you've typed after the infection (if you are infected that is). Just make sure you avoid using email, logging in to banking websites, online shopping etc until you are given the all clear by the expert(s) who will review and help you with your logs. Just be patient and give them time as those logs they go through are huge and many people post new ones every day and they must go step by step with each user to get them cleaned up. Good luck and safe surfing.
  16. Hello and welcome to the forum. It may be obvious to you as I'm not sure how tech savvy you are, but please open IE and click on the Tools button at the top and make sure there is NOT a check mark next to Work Offline. If there is, click on it to deselect that option and try connecting after closing and then opening your browser. If there was no check mark or unchecking it didn't fix it, then open IE again and at the top click on the Tools button, then click Internet Options and click on the tab that says Connections in the little window that pops up, then click on the button at the bottom that says LAN Settings and check the box that says Automatically Detect Settings if it is not already checked (this is assuming that you don't use a proxy connection where you are, which if you are on a standard home network, then chances are you don't). Restart your browser again and try connecting once more. If neither of those options fixed it for you then please read the information here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and follow the instructions to post in the Malwarebytes HijackThis forum where one of the experts will assist you with determining if your problem is malware related. I hope I have been helpful. Good luck and safe surfing.
  17. I would definitely contact my credit card company and cancel that payment explaining to them that it was a case of fraud (which it was). Also, you may want to post here for each of the computers that you cleaned (yours and your mother's) to make sure they are clean: http://www.malwarebytes.org/forums/index.php?showforum=7 It is where the Malwarebytes experts and creators hang out and help people ensure their systems are clear of infections, and if not, then they will tell you step by step what to do to get them there. To get started in the Malwarebytes HijackThis forum please read and follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 Good luck and safe surfing.
  18. Unfortunately I don't believe there is a way to exclude a file, however I seem to remember hearing something about Malwarebytes having issues with ZoneAlarm on some PCs. Hopefully one of the mods will get with you on this to provide more assistance and details. Don't give up, though, as the experts here should be able to get you fixed up.
  19. Yikes, I didn't even realize such infections existed. Makes sense though, considering that most routers use the same default password from the factory. I'm amazed this is the first I've heard of it if it's an attack vector that's been exploited before, and if it's new I'm amazed it took the hackers so long to think of it. Perhaps this will convince Linksys, D-link and all the others to start using randomized passwords by default that are maybe PRINTED on the router itself for the sake of tech support etc. instead of using the same one for each. Most people don't even realize they can change the passwords on routers.
  20. Hello Dave2680 and welcome to Malwarebytes. The first thing to do would be to boot into safe mode if you can. Simply reboot your computer and wait until the BIOS screen comes up, then tap the F8 key repeatedly. A black screen with some options should appear, just use your keyboard to select safe mode and see if it boots OK. If it does, then I would recommend following the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and then posting here http://www.malwarebytes.org/forums/index.php?showforum=7 One of the malware removal experts here will help you out to get your PC up and running and malware free again. If safe mode does not work, don't worry; if you post at the second link I showed you and tell them what's going on, they should still be able to help you get your PC operational again. Best of luck, and safe surfing. By the way, I personally recommend Avira over AVG, but it's a matter of opinion.
  21. Nah, if those sites became unpopular they'd just find out what sites/types of sites were popular and bombard them with malware. Heck, years back when people first started to get hit by it (I think it was like 2003), my brother's PC got hit by the Sasser worm from MSN.com which was his homepage as he was on MSN dialup at the time, and of course MSN is one of Microsoft's own sites. As long as there are vulnerabilities there will be malware and as long as there is communication of any kind between computers there will be exploitable vulnerabilities. Being proactive about protecting yourself simply shrinks the size of your computer as a potential target.
  22. You can tell if it's the paid version based on whether or not you are able to enable realtime protection on the protection tab, on the free one (at least for the newest version being 1.30) it will have 2 buttons, one saying Purchase and the other saying Register. To make sure it's up to date you can click on the update tab as long as you have an internet connection and click the button that says Check for Updates. The current database version is 1399. If it is in fact the paid version then the license is good for life and requires no renewal/subscription fees. Good luck and safe surfing.
  23. Yeah, those trojans get updated and modified daily to attempt to bypass detection, in fact Malwarebytes and SuperAntiSpyware have developed such a reputation in the community that there are many threats now targeting them specifically preventing either from being installed on an already infected system. A tricky business to be sure, but you can bet the developers of MBAM are all over it, they are some of the best malware hunters out there. I'm glad to hear that you do use other layers of protection as well, because no one product can catch 100% of the malware out there on any given day. That along with unsafe surfing habits and filesharing is one of the main reasons so many get infected with this junk. They think they're protected because Norton or McAfee says they are, but often they are mistaken and end up seeking out help and wondering what went wrong.
  24. Welcome to Malwarebytes! I'm going to answer your questions to the best of my abilities, but please note I am not a developer, just another user of the software like yourself, but I do have quite a bit of experience with it and I spend a lot of time on the forum learning about it. First off, you can certainly continue to use your computer while a scan is running, but the scan will obviously slow down whatever you may be doing depending on your hardware. However, that being said you generally only need to use the quick scan function with Malwarebytes as it is specifically designed to look in all the key locations where the malware that it detects will hide. It doesn't hurt to do full scans, but as I said, it's usually unnecessary. To answer your second question, FileASSASSIN is freeware and you can absolutely use it without having to buy a license for Malwarebytes antimalware, however if you do purchase Malwarebytes Antimalware you get the benefit of realtime protection which will prevent threats from installing on your system. The license is lifetime which means you won't have to pay a yearly subscription fee and you get full access to not only definitions updates but also software updates. In addition, you also get the benefit of scheduled scanning and autoupdating instead of having to do it manually. Again, welcome to the forum, enjoy your stay and safe surfing.
  25. Most likely Malwarebytes removed a file or files and/or registry keys that had the file locked so that your antivirus could not remove it, but once they were gone, the rootkit lost a layer of its protection. Malwarebytes uses special drivers and techniques itself to remove nasty files like that which is why it was able to get at it when your antivirus couldn't. To answer your second question, the trojan/rootkit was most likely there to try to trick you into buying that fake anti-whatever software and to steal personal information and passwords, so if you've visited any email/banking sites or used your credit card online since you got the infection then you should change your passwords and call your credit card company and let them know what happened so you can decide whether to cancel and replace your cards or just to watch what charges pop up. PS: If you haven't done so already (wasn't sure by your post), you should definitely post in the Malwarebytes HijackThis forum so one of the experts can make sure you are completely clean. Good luck and safe surfing.