DaChew

Honorary Members
  • Posts

    591

Everything posted by DaChew

  1. the aol malware is quite easy to remove, a simple format of C is enough. Running windows as a repair disk I found was a waste of time. Now if your router, bios, boot sector and data are infected then a flatten takes on a more complex operation.
  2. If the computer was that corrupted and/or the infection that bad, then I would think about running windows xp as a repair disk, that's why I keep several versions of xp with sp3 slipstreamed. You could also try system restore from a command prompt.
  3. Malwarebytes' Anti-Malware 1.27
     Database version: 1128
     Windows 5.1.2600 Service Pack 3

     9/8/2008 6:28:54 AM
     mbam-log-2008-09-08 (06-28-54).txt

     Scan type: Quick Scan
     Objects scanned: 43727
     Time elapsed: 2 minute(s), 2 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     after I hit remove selected MBAM closed and then rebooted computer and then there was no quarantine entry?
  4. thanks Marcin. Maybe my memory is faulty or the thread(s) I saw predated that function or even that the expert(s) was mistaken. To err is human.
  5. I ran into this set of directions and a few references to similar cases of MBAM not working right with Vista and requiring a reinstall. Pardon me, I haven't noticed much on this subject, damn Vista.
  6. I would not think of using a limited account to scan for malware since you can't remove it when you find it.
  7. these guys are the ones making the big bucks with malware http://en.wikipedia.org/wiki/Russian_Business_Network
  8. It's a shame the audio was so unbalanced. Congrats MBAM on another recognition. I HAVE KNOWN YOU WERE THE BEST FOR MONTHS and getting better every day.
  9. did the inplace upgrade, rebooted, deleted ie temp files before but with temp files thanks for a great program
  10. Okay, did as instructed. Here's the log:

     Malwarebytes' Anti-Malware 1.20
     Database version: 962
     Windows 5.1.2600 Service Pack 2

     7:40:46 PM 7/17/2008
     mbam-log-7-17-2008 (19-40-46).txt

     Scan type: Quick Scan
     Objects scanned: 54044
     Time elapsed: 5 minute(s), 38 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 11
     Registry Values Infected: 5
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 12

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\WINDOWS\system32\cnhwtsfi.dll (Trojan.Vundo) -> Unloaded module successfully.

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49ca2940-b842-4298-bff3-cf9dd4df3a2c} (Trojan.Vundo) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{49ca2940-b842-4298-bff3-cf9dd4df3a2c} (Trojan.Vundo) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{2329332b-2bf4-4cdc-b86f-5ef78017fc1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2329332b-2bf4-4cdc-b86f-5ef78017fc1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{660640e6-950e-4f98-86c3-a2d8625e8127} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{660640e6-950e-4f98-86c3-a2d8625e8127} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{8facb54e-894c-4620-9445-61c4362e601c} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8facb54e-894c-4620-9445-61c4362e601c} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cc63d2d6 (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

     Files Infected:
     C:\Documents and Settings\dp\Local Settings\Temp\cbXPfEwW.dll (Trojan.Vundo) -> Delete on reboot.
     C:\Documents and Settings\dp\Local Settings\Temp\WwEfPXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\Documents and Settings\dp\Local Settings\Temp\WwEfPXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\cnhwtsfi.dll (Trojan.Vundo) -> Delete on reboot.
     C:\WINDOWS\system32\ifstwhnc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\traauejd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\djeuaart.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\colbac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\Program Files\Gamevance\gvtl.dll (Adware.Gamevance) -> Quarantined and deleted successfully.
     C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\BMcf50e14a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\BMcf50e14a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

     Also, I did a reboot when prompted before I posted these replies. I've since run two more scans, and the problems are still there, even after reboot. I would post the latest log, but I can't go anywhere but Google due to being bogged down. If I can get back here, I'll post the latest.

     at which point I asked him to run his AV(AVG) from safe mode

     Safe Mode AVG just finished its scan. It said that there were no infections found and no infections healed. I just ran Malware bytes and its still finding infected files. I'm going to try running it in safe mode.

     Okay, I believe Malwarebytes in Safe Mode fixed them. I re-ran the scan in Safe Mode and it didn't find anything, and re-ran the scan in Full Mode and it didn't find anything.
  11. I just had a poster at Bleeping that was running MBAM and refinding the same malware files with normal mode scans after rebooting and then ran MBAM in safe mode and then came up clean with a normal mode scan? RD had said it was a trade off, but others have stressed how MBAM is not effective in safe mode. I have always thought the combination of safe and normal mode scans to be more effective in a wider range of cases. Hmmmmmmmmm.
  12. Thanks Bruce, I suspected that had happened in one case but with malware it's hard to guess what's going on.
  13. You've misread my post, that's not what I am talking about. Some files require a reboot to remove, if you have specified that someone run MBAM and then reboot into safe mode to run a different scanner like SAS, are you interfering with the final cleanup by MBAM? http://www.bleepingcomputer.com/forums/ind...mp;#entry839950 here's an example of what I am talking about. That's why I said it was a question for the developers.
  14. Does having someone boot into safe mode immediately after running a scan and fix with MBAM interfere with removal of malware files found by MBAM that require a reboot?
  15. http://www.sofotex.com/MultiCore-AntiVirus...oad_L80328.html one of their awards, zero reviews
  16. like I said, reminds me of peking software. http://nuwavesoft.com/PR/antivirus_awards.php look at the awards page, they are bogus. When I am globally moderating at digitaldigest, this is how I decide what's spam or not. All I am saying is buyer beware.
  17. they have a 30 day demo but I am not impressed with affiliates or their English. The claim about being universally compatible with all other protections is a little hard to swallow. The awards pages reminds me of some peking based video programs. Another question would be how can quad core running 4 threads access a hard disk any faster, unless you were running 10K striped raid.
  18. computer slowness is a complicated cross disciplinary field, the equation has too many unknowns
  19. try shutting down avast and winpatrol, seems like a conflict
  20. As an experiment I took an old dell P4 2.4 w/512 megs of ram and a clean install of xp sp3, then applied a standard power user tweak. I then loaded Nort 360, AVG av, spybot teatimer and winpatrol trying to crash the computer, it slowed considerably but not to the point of an average computer with standard crapware. I can't imagine MBAM having a significant impact on anything but an overloaded computer.
  21. thanks GT, What you said makes sense, the website had the code but w/o script it couldn't do anything with it. Another mod at the forum where we investigate spam has complained about having to surf in a sandbox to questionable links. Hopefully those days are over as we have implemented some strong filters.
  22. I only go to a few dangerous web sites and usually just to check out which scripts are running from whom and site advisor. The last place I expected to find a trojan downloader was in cache

     C:\Documents and Settings\Chewy\Local Settings\Application Data\Mozilla\Firefox\Profiles\ur1k2l0l.default\Cache\82B500BDd01 Infected: Trojan-Downloader.Win32.Delf.ilx 1

     and I wouldn't have found it except I was trying to show that a kasp online scan of a selected folder was not that time consuming. I submitted it to jotti and almost all engines agreed. I scanned with MBAM and got a no infection. Didn't save it, just used atf cleaner on firefox. Still wondering how it got onto firefox, web site injection?
  23. I still use IE6 for safe surfing within forums, but copy and paste dangerous links into FF w/no script. IE6 is faster and uses less memory but I wouldn't dream of using it anywhere dangerous.
  24. I am seeing a wide variance in scan times for a similar number of files. With my single core it starts out at 100% but drops quickly to 20%, my ram use is relatively small.