melboy
Group: Experts
Posts: 334
Everything posted by melboy

  1. Hello

     PUP detections (Potentially Unwanted Programs) are explained here: http://helpdesk.malw...hey-be-deleted-
     In addition I would read the terms of use & privacy policies before downloading & installing programs.
     http://shopping-sidekick.com/terms.php
     http://shopping-sidesidekick.com/privacy.php
  2. What MBAM Pro can do is potentially block Ransomware threats on three fronts:
     1. The IP of the exploit. (Website Blocking)
     2. The IP of the payload. (Website Blocking)
     3. The payload itself. (Filesystem Protection)

     Add to that the advice above to keep all your software up to date, especially those programs with browser plugins, and you stand a better chance than if you didn't have this protection.
  3. Hi TableLamp

     Malwarebytes' Anti-Malware (MBAM)
     - Open Malwarebytes' Anti-Malware
     - Click the Quarantine tab
     - Click to highlight the item Updater.fpi & click Restore
     - Repeat for Speech.fpi
     - Update & rescan
  4. Yes, I think they are all false positives. The Foxit ones have been reported and confirmed to be fixed in the next update.
     http://forums.malwarebytes.org/index.php?showtopic=124166
     The MP3.dll may well also be fixed by that update; if not, I've found a download & can attach the file and dev log.

     Malwarebytes Anti-Malware (PRO) 1.75.0.1100
     www.malwarebytes.org

     Database version: v2013.03.22.09

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     mel :: OURS [administrator]

     Protection: Enabled

     3/22/2013 18:20:44
     MBAM-log-2013-03-22 (18-20-54).txt

     Scan type: Custom scan (c:\sandbox\mel\defaultbox\drive\c\program files\replay7\mp3 magic\mp3.dll|)
     Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
     Objects scanned: 1
     Time elapsed: 3 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     c:\Sandbox\mel\DefaultBox\drive\C\Program Files\Replay7\MP3 Magic\MP3.dll (Trojan.Passwords.LD) -> No action taken. [6da4c202e08bf83e154e422b88784ab6]

     (end)

     Attachment: MP3.zip
  5. You can restore those too. Choose Restore all
  6. @ slack7639

     The warning is not applicable in your case; it is relevant only to that user's problems in that thread.

     This is a confirmed false positive. Follow these instructions to restore the file.

     Malwarebytes' Anti-Malware (MBAM)
     - Open Malwarebytes' Anti-Malware
     - Click the Quarantine tab
     - Click to highlight the following file only:
       Trojan.Vilsel - 2013-03-21 - File - C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
     - Click Restore
     - Update mbam & re-scan.
  7. You are correct, it is still being detected after updating to Database version: v2013.03.21.14. (Now I've removed it from the ignore list.)
  8. File attached.

     Malwarebytes Anti-Malware (PRO) 1.75.0.1100
     www.malwarebytes.org

     Database version: v2013.03.21.13

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     mel :: OURS [administrator]

     Protection: Enabled

     3/21/2013 20:44:26
     MBAM-log-2013-03-21 (20-44-36).txt

     Scan type: Custom scan (c:\program files\common files\installshield\engine\6\intel 32\ikernel.exe|)
     Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
     Objects scanned: 1
     Time elapsed: 2 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 2
     HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA} (Trojan.Vilsel) -> No action taken. [4f627c479bd05dd949f1f946e71aab55]
     HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303} (Trojan.Vilsel) -> No action taken. [4f627c479bd05dd949f1f946e71aab55]

     Registry Values Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\ENGINE\6\INTEL 32\IKERNEL.EXE (Trojan.Vilsel) -> Data: 3 -> No action taken. [4f627c479bd05dd949f1f946e71aab55]

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     c:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe (Trojan.Vilsel) -> No action taken. [4f627c479bd05dd949f1f946e71aab55]

     (end)

     Attachment: IKernel.zip
  9. I would urge you to get your system cleaned. Sirefef is a serious infection. http://www.microsoft...Win32%2FSirefef
  10. Excuse me for "butting in" I can't see it mentioned in the topic previously, but there's signs of the Sirefef rootkit (ZeroAccess) in the original DDS log. I would repost in the Malware Removal forum. http://forums.malwarebytes.org/index.php?showforum=7
  11. Wherever possible, always run mbam in normal mode, as outlined here - http://helpdesk.malw...e-in-Safe-Mode-
  12. You're not stuck using that method, but that's the method I'd recommend. It might take a few more seconds of your time, but it's more secure.
  13. That change is by design to secure your system & help protect it from a malware attack. You have autorun enabled for your D & G drives (CD-ROM), which will invoke autoplay - the autoplay options for Mixed Content being to Open folder & view files using Windows Explorer, or Take no action.
  14. Hi, do this:

      Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

      Open Notepad & copy the contents of the Code Box below to Notepad.

          REGEDIT4

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
          "HonorAutoRunSetting"=dword:00000001
          "NoDriveAutoRun"=dword:03ffffb7
          "NoDriveTypeAutoRun"=dword:00000091
          "NoDrives"=dword:00000000

      Make sure there are NO blank lines before REGEDIT4.
      Go to File > Save As... Name the file fix.reg. Change the Save as Type to All Files. Save it on the desktop. Close Notepad.
      At the desktop, double-click on the fix.reg file, and when it prompts to merge say yes.
      REBOOT

      SystemLook
      Double-click SystemLook.exe to run it.
      Copy the content of the following codebox into the main textfield:

          :reg
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom /s
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

      Click the Look button to start the scan.
      When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your Desktop entitled SystemLook.txt
  15. Can you update us on any issues you are still experiencing.
  16. Hi

      Backup the Registry:
      Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
      - Please go here and download ERUNT. ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
      - Install ERUNT by following the prompts. Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
      - Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
      - Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
      - Make sure that at least the first two check boxes are selected. (System registry & Current user registry)
      - Click on OK
      - When the Question pop-up appears click on Yes to create the folder.
      - After a short duration the "Registry backup is complete!" popup will appear. Now click on OK.
      A backup has been created.

      Then do this:

      Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

      Open Notepad & copy the contents of the Code Box below to Notepad.

          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
          "NoDriveTypeAutoRun"=dword:00000091
          "NoDriveAutoRun"=dword:03ffffb7
          "NoDrives"=dword:00000000

      Make sure there are NO blank lines before REGEDIT4.
      Go to File > Save As... Name the file fix.reg. Change the Save as Type to All Files. Save it on the desktop. Close Notepad.
      At the desktop, double-click on the fix.reg file, and when it prompts to merge say yes.
      REBOOT

      SystemLook
      Double-click SystemLook.exe to run it.
      Copy the content of the following codebox into the main textfield:

          :reg
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom /s
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

      Click the Look button to start the scan.
      When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your Desktop entitled SystemLook.txt
  17. Let us take a look at the settings.

      Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
      Download Mirror #1
      Download Mirror #2

      Double-click SystemLook.exe to run it.
      Copy the content of the following codebox into the main textfield:

          :reg
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom /s
          HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /s
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /s

      Click the Look button to start the scan.
      When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
      Note: The log can also be found on your Desktop entitled SystemLook.txt
  18. To increase security, MS changed Autorun functionality with Windows 7 & earlier this year rolled out an update (KB971029) to effect the change in other OS's (including XP SP3) too.
      http://blogs.technet.com/b/srd/archive/2009/04/28/autorun-changes-in-windows-7.aspx
      http://blogs.msdn.com/b/e7/archive/2009/04/27/improvements-to-autoplay.aspx

      From the DDS attach.txt supplied in your malware removal topic you have KB971029 installed.
      http://support.microsoft.com/kb/971029
  19. Most ARKs load a driver that does have the potential to crash a system, infected or not. So no, just because it crashes whilst you are trying to run it doesn't mean you're infected. If you're seeing specific symptoms to be worried about a rootkit, you should post in the malware removal forum and let an expert check you over.
  20. Hi Only certain User Groups have access to the files. Membership of the group(s) is gained by promotion/invitation only. Please see this topic for further information: http://forums.malwarebytes.org/index.php?showtopic=31139
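The autorun policy values in posts 13, 14 and 16 (NoDriveTypeAutoRun, NoDriveAutoRun, NoDrives, HonorAutoRunSetting) are bitmasks, so it is hard to see from the raw dword what a proposed fix.reg will actually change. The script below is an added example by the editor, not code from melboy's posts or from Malwarebytes: it parses the dword lines of a .reg body and decodes each mask. The sample input is constructed from the values posted in post 14 (with HonorAutoRunSetting written in the dword: form). The bit-to-drive-type table follows the GetDriveType numbering that NoDriveTypeAutoRun uses; the 0x80 bit is the reserved one Microsoft sets in its defaults. With the posted values it reports autorun disabled for unknown, remote and reserved drive types and still enabled for drive letters D and G only, which is exactly the state post 13 describes.

```python
import re

# Bit -> drive type for NoDriveTypeAutoRun. Bit n corresponds to the drive
# type number n returned by the Windows GetDriveType API; 0x80 is the
# reserved "unspecified" bit that Microsoft sets in its defaults.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",
}

# Constructed sample: the value lines of the fix.reg from post 14 above.
FIX_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffb7
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000
"""

# A .reg dword line looks like  "Name"=dword:hex  (hex is 1 to 8 digits).
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def parse_reg_dwords(reg_text):
    """Return {value name: int} for every dword line in a .reg body."""
    values = {}
    for raw in reg_text.splitlines():
        m = DWORD_LINE.match(raw.strip())
        if m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def drive_types_disabled(mask):
    """Drive types whose autorun a NoDriveTypeAutoRun mask turns off, lowest bit first."""
    return [name for bit, name in sorted(DRIVE_TYPE_BITS.items()) if mask & bit]


def drive_letters(mask):
    """Split A..Z into (bit set, bit clear) lists from a per-letter mask.

    Bit n stands for drive letter n (A = bit 0). For NoDriveAutoRun a set bit
    disables autorun on that letter; for NoDrives a set bit hides the letter
    in Explorer. Bits 26..31 map to no letter and are ignored.
    """
    set_letters, clear_letters = [], []
    for n in range(26):
        letter = chr(ord("A") + n)
        (set_letters if mask & (1 << n) else clear_letters).append(letter)
    return set_letters, clear_letters


def autorun_report(reg_text):
    """Summarise what a fix.reg will do to Explorer's autorun policy."""
    vals = parse_reg_dwords(reg_text)
    report = {}
    if "HonorAutoRunSetting" in vals:
        report["honor_autorun_setting"] = bool(vals["HonorAutoRunSetting"])
    if "NoDriveTypeAutoRun" in vals:
        report["types_disabled"] = drive_types_disabled(vals["NoDriveTypeAutoRun"])
    if "NoDriveAutoRun" in vals:
        # letters whose bit is clear still autorun
        report["letters_enabled"] = drive_letters(vals["NoDriveAutoRun"])[1]
    if "NoDrives" in vals:
        # letters whose bit is set are hidden from Explorer
        report["letters_hidden"] = drive_letters(vals["NoDrives"])[0]
    return report


if __name__ == "__main__":
    for key, value in autorun_report(FIX_REG).items():
        print(f"{key}: {value}")
```

The same decoder applies to the HKEY_CURRENT_USER fix in post 16, which carries the same NoDriveTypeAutoRun and NoDriveAutoRun values; the SystemLook :reg dump those posts ask for shows the merged values in the same dword form, so the report can be run against the log to confirm the fix took effect.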