SPD

Anti-malware reports an infected file, that requires a reboot to be removed. After reboot, the file (or a new copy of it) is still present and detected on a new scan. The two logs are below, I am not able to copy the infected file. Malwarebytes' Anti-Malware 1.43 Database version: 3482 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02/01/2010 8:48:57 PM mbam-log-2010-01-02 (20-48-43).txt Scan type: Quick Scan Objects scanned: 133694 Time elapsed: 3 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\vdqnu.sys (Rootkit.Agent) -> No action taken. [27799344B9A891D5F58CB3005D135260] === Malwarebytes' Anti-Malware 1.43 Database version: 3482 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02/01/2010 9:24:12 PM mbam-log-2010-01-02 (21-24-02).txt Scan type: Quick Scan Objects scanned: 133835 Time elapsed: 8 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\vdqnu.sys (Rootkit.Agent) -> No action taken. [27799344B9A891D5F58CB3005D135260] I was advised to open a support thread here: http://www.malwarebytes.org/forums/index.php?showtopic=35259

Thanks for the quick reply! I ran the scan again, tried to remove the file and was asked to reboot. After reboot I re-ran the scan again. Same file was found: Malwarebytes' Anti-Malware 1.43 Database version: 3482 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02/01/2010 9:24:12 PM mbam-log-2010-01-02 (21-24-02).txt Scan type: Quick Scan Objects scanned: 133835 Time elapsed: 8 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\vdqnu.sys (Rootkit.Agent) -> No action taken. [27799344B9A891D5F58CB3005D135260]

Please advise if this is a false positive or a real threat. When i tried to copy the file and attach it I got an error message. Here is the log: Malwarebytes' Anti-Malware 1.43 Database version: 3482 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02/01/2010 8:48:57 PM mbam-log-2010-01-02 (20-48-43).txt Scan type: Quick Scan Objects scanned: 133694 Time elapsed: 3 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\vdqnu.sys (Rootkit.Agent) -> No action taken. [27799344B9A891D5F58CB3005D135260]