DaChew

Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. More information with a screenshot, can be found here.

Reformatting is always an option, especially when time is considered, but you have been warned, so if you have the time. You need to know what you are up against, this thread will show you http://www.malwarebytes.org/forums/index.p...amp;#entry58063 post 15 outlines a removal and cleanup strategy There are too many curable infections already to waste time with ones like this

You didn't have the computer connected to the internet without a hardware nat(router)? What security programs did you install? Have you run a scan with MBAM?

from another forum It is malware

If it's a resident suite and you've physically disconnected from lan and wan, then all you are going to do if infected, is allow the conflicts to resolve so MBAM can do a cleanup. Teatimer etc do not good after infected and much harm when removing the infection I try to let any scanner have the full resources of the system, if you are infected then it needs it. Why do you think we see so many trained helpers in the HJT forums removing/uninstalling resident protections when their cleanups won't work right?

If you suspect an infection, disconnect from the internet after updating MBAM and disable all resident protection

Are you leaving your optical drives checked in a full scan?

http://www.pinnaclesys.com/PublicSite/us/Home/ Do you have any programs installed from Pinnacle? If so this may be a false positive

finally fixed

That's what the user claimed happened

My favorite tool is running windows xp as a repair disk http://www.michaelstevenstech.com/XPrepairinstall.htm Now that SP3 has finally been released http://www.winsupersite.com/showcase/xpsp3_slipstream.asp these techniques are fairly simple and user friendly Yoda said "Do or do not. There is no try."

MBAM only removed the offending key in the registry Cureit deleted the infected system file

cureit from safe mode killed this computer combofix seems to handle it

Is this vista 64 bit? Are there any other signs of infection?

http://blogs.msdn.com/davbr/archive/2006/1...r-profiler.aspx

For the record, James A. Eshelman and Bill Castner go back to somewhere between God and Moses or at least windows 98. Bill Castner

Bill Castner well they may just be trying to not show any favoritism, and I can understand that, however that fact that they reccomended that MBAM be installed and used for scans kind of says it all

I am not part of the team but without any other signs of an infection I would think this is a false positive, however to test you could let MBAM quarantine the file and see if it breaks your application(web cam?) You can then restore and use the ignore function, that's the beauty of this software(MBAM)

I would have to agree, pending evidence to the contrary 0/39 from virustotal also

I have seen a couple of the big guns say to uninstall it at the end of a disinfection, who knows why? I can't imagine running a windows based computer that connects to the internet without it myself/

Jotti doesn't use trend Scan taken on 02 Feb 2009 13:56:37 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing

Just shows where trend has updated their definitions and as such, the file is picked up, it's a false positive Contact trend Another indication, why is trend the only one calling it?

http://www.virustotal.com/analisis/4584695...d82137495377b60 MY mbam-dor.exe was not infected

http://www.bleepingcomputer.com/startups/v....exe-14624.html what device are you using?

So the MBAM programmers should add that code for users that disable task scheduler but don't understand what it does?