Posts posted by NT File Manager

  1. this has been going on since I started using MBAM around v. 1.4x

    the scan finishes but I can't do anything with the program

    only two things I can do

    it says scan finished

    so I click "show results" button

    it lists the group policy items it thinks are caused by infections

    ie.

    - no system restore config.

    - no recycle bin files

    - no SM search

    - add log off to Start Menu

    all these are set by group policy

    I like my systems stripped not bloated

    after I move those items to the ignore list I can't do anything except click save log

    none of the other tabs work

    and when I click main menu

    it says:

    "you will lose yer scan results"

    if I click exit

    it says:

    "Scan in progress"

    how can the scan be in progress if it already finished?

  2. Are you using Firefox? If there is a problem downloading with Firefox, try updating to the latest version. Or try downloading Malwarebytes' Anti-Malware with Internet Explorer.

    .......................................

    M' Anti-M Free use. XP SP 3

    :::::::::::::::::::::::::::::::

    Thanks for the continued help

    here's the status

    I now have the 1.5 full installer

    I had a friend email it to my GMail

    I forwarded it to my Yahoo email

    I Can DL it from the GMail Servers

    - but not from the Yahoo Mail Servers

    it gives only the first 40KB and then quits saying the DL is complete

    or freezes and never starts (I could leave the DL Window open for the next 26 years and it wouldn't start)

    it seems some servers don't like my connection (WiMax)

    which is crappy at best

    most days slower than dial-up

    never less than 3% packet loss

    and on some days, up to 30%+ packet loss

    on those days nothing works

  3. can't update with either old systems or

    3 Fresh OS Installs on New HDDs

    2 fresh installs are mine,

    and I just rebuilt a system for a friend whose HDD had bombed

    no system here can DL the 1.5 installer in any browser

    so I used the 1.46 installer

    and tried check for updates

    but that hasn't worked for a long time on any system

    I can update everything else

    ie.

    - WinUpdates come down

    - the winupdate site works

    what happens with the MBAM updater is

    the first 5.5MB file completes,

    but when the 7.27 (V 1.5) update starts to DL it fails in less than 3 seconds

    when I try to DL the full installer I get one of two things

    > the first 50KB comes down and then it quits

    or

    > the DL never starts

    - the TechSpot page never asks if I want to save the file and it never starts

    - the CNET page pops the dialog for "save file" but never starts or gives the first 50KB and then fails

    Eset says I'm Clean

    the last sig. update I have for MBAM says I'm clean

    SpyBot S&D says I'm Clean

    I installed MSE, SpyBot S&D and MBAM 1.46

    on my friend's system and it says he's clean

    and it should be, it's a fresh install

    and so should my 2 fresh installs

    I don't use the S&D Teatimer

    nor have I "Immunized" the fresh installs

    MBAM1211.png

  4. My apologies for taking this long, my weekends are always packed with stuff to do;

    I'm attaching the file from the Win32s for Win3.1 that is detected as a trojan dropper.

    W32SKRNL.DLL

    in addition to the GPO item: "Remove search from the start menu"

    I also have checked:

    - "Remove Documents menu item"

    - "Remove my pictures from the start menu"

    - "Remove my music from the start menu"

    - "Disable User Tracking"

    - "Do not keep history of recently opened documents"

    - "Clear document history on exit"

    etc.

    I would think that most people would be more freaked out if their documents, pictures, and music menu links disappeared from the start menu before they'd even notice that Search was missing, and yet these settings aren't detected as problems

    cheers

    W32SKRNLDLL.zip

  5. Hi;

    I was doing some system maintenance on a win2k SP4 Machine and 2 XP-Pro SP3 machines and found some files in:

    - ..\Local Settings\Application Data\

    and

    - ..\Documents and Settings\user name\Application Data\

    when I searched for them they came back as supposedly bad

    fusioncache.dat (no threat detected during scan)

    GDIPFFONTCACHEV1.DAT (no threat detected during scan)

    IconCache.db (no threat detected during scan)

    except these two (which supposedly belong to roxio / sonic)

    rx_audio.Cache (no threat detected during scan)

    rx_image.Cache (no threat detected during scan)

    some of these files had a file date of when the system was built

    so I used the Eset Online Scanner, Spybot S&D, and then tried MBAM

    I had AVG up until 2 days ago and then dumped it because it wasn't working properly

    other than to slow my systems down,

    - it wouldn't even detect the EICAR test string every time

    during the quick scan a registry entry which I created with Group Policy Editor was detected as a HiJack on all the systems

    actually all the anti-Spy/Malware scanners detect this and I don't know why,

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind

    Result > (Hijack.Find)

    this key is created when using The GPO

    User Configuration\Administrative Templates\Start Menu and Taskbar\

    "Remove Search From the Start Menu" (Enabled)

    (I try to remove clutter I don't use from my system / menus etc.)

    so after all that I ran a "Deep Scan" and selected all the drives in my main system

    which has a ton of backed up files from 4 win3.1x machines that I haven't had time to sort out and permanently archive or remove yet;

    here's where it gets weird;

    one 14 year old file from the Microsoft Win32s extension set for 16-bit Win3.1x was detected as a trojan dropper

    D:\310Moved\Server~D\SOFTWARE\WIN~DLLS.100\SYSTEM\WIN32S\W32SKRNL.DLL

    D:\310Moved\Server~D\SOFTWARE\WIN~DLLS.166\SYSTEM\WIN32S\W32SKRNL.DLL

    D:\310Moved\Server~J\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL

    D:\310Moved\Server~L\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL

    E:\310Moved\Server~D\SOFTWARE\WIN~DLLS.100\SYSTEM\WIN32S\W32SKRNL.DLL

    E:\310Moved\Server~D\SOFTWARE\WIN~DLLS.166\SYSTEM\WIN32S\W32SKRNL.DLL

    E:\310Moved\Server~J\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL

    E:\310Moved\Server~L\WINDOWS\SYSTEM\WIN32S\W32SKRNL.DLL

    Result on all files > (Trojan.Dropper) -> No action taken.

    they're all the same file: W32SKRNL.DLL 82,944 Bytes 30/01/1996 23:00

    the file comes from a legitimate program install CD which included Win32s and the game FreeCell

    even though those win3.1x systems were never on the internet or even a real network,

    I used Interlink to transfer to the main backup file storage server back then

    and then when I got the new XP system I pulled the largest drive

    and put it on an IDE/USB adapter and pulled the files to the main system now in use.

    should I submit a copy of this file just to verify it?

    sorry for the long post, I hope it makes enough sense.

    summary

    there's really two things going on:

    > where'd those weird files come from and why aren't they detected?

    > and why are a legitimate registry entry and a file from 1996 detected as threats?

    THX
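
A finding such as the NoFind value in post 5 can be cross-checked against the local Group Policy store. This is an added example, not part of the original posts or any vendor's code: it parses a `Registry.pol` file (local user policy normally lives in `%SystemRoot%\System32\GroupPolicy\User\Registry.pol`, a file the posts do not mention) and reports whether a flagged value is one that policy wrote. The function names and the sample bytes are constructed for illustration.

```python
import struct

HEADER = b"PReg" + struct.pack("<I", 1)  # file signature + format version 1
def u16(text):
    return text.encode("utf-16-le")

def parse_registry_pol(blob):
    """Map (key, value), both lowercased, to (type, raw data) for each entry."""
    if blob[:8] != HEADER:
        raise ValueError("missing PReg header")
    pos, entries = 8, {}
    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated entry")
        pos += n
        return blob[pos - n:pos]
    def delim(ch):
        if take(2) != u16(ch):
            raise ValueError(f"expected {ch!r} before offset {pos}")
    def string(lead):  # delimiter, then a NUL-terminated UTF-16LE string
        delim(lead)
        units = []
        while (unit := take(2)) != b"\x00\x00":
            units.append(unit)
        return b"".join(units).decode("utf-16-le")
    def dword(lead):  # delimiter, then a little-endian 32-bit integer
        delim(lead)
        return struct.unpack("<I", take(4))[0]
    while pos < len(blob):  # each entry: [key;value;type;size;data]
        key, value = string("["), string(";")
        rtype, size = dword(";"), dword(";")
        delim(";")
        entries[(key.lower(), value.lower())] = (rtype, take(size))
        delim("]")
    return entries

def set_by_policy(entries, finding):  # finding: full reported path, hive included
    _hive, _, rest = finding.partition("\\")
    key, _, value = rest.rpartition("\\")
    return (key.lower(), value.lower()) in entries

def build_entry(key, value, dword):  # only used to construct the sample below
    head = u16("[" + key + "\0;" + value + "\0;") + struct.pack("<I", 4)  # 4 = REG_DWORD
    return head + u16(";") + struct.pack("<I", 4) + u16(";") + struct.pack("<I", dword) + u16("]")

# Constructed sample: the entry an enabled "Remove Search" policy would store.
EXPLORER = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SAMPLE = HEADER + build_entry(EXPLORER, "NoFind", 1)
FLAGGED = "HKEY_CURRENT_USER\\" + EXPLORER.upper() + "\\NoFind"
```

A match shows that the value is accounted for by policy; a flagged value with no matching policy entry is the one that deserves a closer look.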
