DarkButterfly

  1. So, is this a false positive? (For a moment, I was thinking that it was a real infection, especially after finding the Avenger folder and txt file. I don't even know how this got into my system.)
  2. OK... I uninstalled Vista Codec Pack using Revo Uninstaller, and then reinstalled using the installer downloaded from MajorGeeks, just in case Softpedia's version was tampered with. Malwarebytes still detects them. Now, I've found something quite odd. I see that at C:\ there's a folder named Avenger and also at the root of C:\ there's a txt file called avenger. This is what the file says: It seems that that tool is a legitimate tool and even has connections with the Malwarebytes team? Anyway, the date of both folder and file is the day after I updated Vista Codec Pack, and it was created as soon as the system was booted, give or take. Now, I don't know why such a thing would happen. I never downloaded that tool and never used it. I dug a bit and I found an article at F-Secure saying that this tool has been used by a malware, and it's started without people seeing its user interface. Then again, my HIPS didn't alert me for this. My behavior blocker also didn't. UAC also didn't. I'm running in a limited user account and with software restriction policies. Does Malwarebytes Anti-Malware use this tool or the technology it uses? I hope it is OK to ask it here, since it is related (I believe) to all this story of infections being found in my Vista Codec Pack folder. It's just a damn coincidence. Thanks
  3. OK... here it is: VistaUser.zip
  4. I just updated and I scanned the VistaCodecPack folder (forgot I could just scan the folder... ) and, it still finds the infection. Why would it detect on mine and not on yours?
  5. That's odd. I see that your definitions version is 2159. Mine were 2157. I'm updating now and will perform a new scan, and see what happens. Just to be sure, I also performed a scan with SUPERAntispyware (sorry for advertising), and it found the same infection, with a different name. I then uploaded to Virus Total, and four detect infections as well. I'll let you know what Malwarebytes finds or not with the new definitions version. Thank you for your time.
  6. Hello, Yesterday noon, I upgraded Vista Codec Pack to its latest version, 5.2.6, which I downloaded from Softpedia. Today, I was checking my system with Malwarebytes Anti-Malware, and it found infections (Trojan.Downloader) regarding a file in the folder of Vista Codec Pack and a registry entry. Is it a false positive? Thanks mbam_log_2009_05_20__22_10_58_.txt
  7. Are you guys still having problems? Today, I was going to update, and, this time, not even an error message appears. It just hangs. I don't see any connections being made to Malwarebytes servers, at all. Anyone able to say if the same happens?
  8. I just tried to reinstall MBAM, to see if it would solve anything. No deal. It can't update.
  9. Could Malwarebytes be the victim of a DoS? Or something like that?
  10. I did that, but it didn't work out. Now, it's outdated.
  11. By the way, on the page you gave, http://www.gt500.org/malwarebytes/database.jsp, the database version is 1893. Mine is 1928. Could it be due to that that the updates are failing?
  12. I'm also having this same issue. I monitored the connections happening, not with any of those tools, but with Outpost Firewall HTTP Log Event Viewer, and the only connection happening is mbam-cdn.malwarebytes.org/news/news.txt No more connections happen related to Malwarebytes.
  13. I was performing a scan with Malwarebytes and it found an infection/possible infection. I ran other anti-malware tools and none finds it. Could it be an FP? Log is attached. mbam_log_2008_11_18__15_08_48_.txt
  14. Yes, the user gave bad advice. By the way, I'm pretty much sure that the HijackThis log is clean, but not 100% sure. I don't know if you guys know how to interpret the results of a-squared HijackFree. From what I could interpret I have some pretty nasties. I then verified with a-squared Anti-Malware, but it does not find a damn thing.
  15. This is what happened... Yesterday, I accidentally clicked on a link that redirected me to scanner(dot)powerantivirus2009(dot)com. I closed the browser right away. I updated all my security apps and performed some verifications. Only SAS found 13 entries, but couldn't remove them. MBAM does not find anything, at all. I already verified with Eset, Kaspersky, Sunbelt, Spybot, Ad-aware and AVG. Nothing finds anything but SAS. I then tried HijackThis and went to www.hijackthis.de, but all comes clean. I then tried a-squared HijackFree and it reports some nasties. The problem is I don't know how to interpret it and how to clean it manually. I verified with a-squared Anti-Malware, and it found nothing. This is my HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:04:50, on 17-08-2008
     Platform: Windows Vista (WinNT 6.00.1904)
     MSIE: Internet Explorer v7.00 (7.00.6000.16711)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskeng.exe
     C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
     C:\Windows\vsnp2uvc.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\Windows\RtHDVCpl.exe
     C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
     C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe
     C:\Program Files\Comodo\CBOClean\BOC427.EXE
     C:\Windows\system32\igfxsrvc.exe
     C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
     C:\Program Files\Haute Secure\CtPopup.exe
     C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
     C:\Program Files\Comodo\Firewall\cfp.exe
     C:\Program Files\HostsMan\hostssrv.exe
     C:\Program Files\Comodo\VulnerabilityAnalyzer\cva.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files\COMODO\Memory Firewall\cmf.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     F:\PhoneConnectorVMC.exe
     F:\VMC.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\Opera\opera.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerConnect.exe
     C:\Windows\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsunami.pt
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O1 - Hosts: ::1 localhost
     O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerIE.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: CtBho Class - {6462546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtBho.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
     O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
     O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
     O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
     O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
     O4 - HKLM\..\Run: [LinkScanner Monitor] C:\Program Files\ExPLabs.com\LinkScanner\LinkScannerMonitor.exe /auto
     O4 - HKLM\..\Run: [bOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
     O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
     O4 - HKLM\..\Run: [CtPopup.exe] "C:\Program Files\Haute Secure\CtPopup.exe"
     O4 - HKLM\..\Run: [sBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
     O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
     O4 - HKCU\..\Run: [HostsServer] "C:\Program Files\HostsMan\hostssrv.exe" --start
     O4 - HKCU\..\Run: [ComodoVulnerabilityAnalyzer] C:\Program Files\COMODO\VulnerabilityAnalyzer\cva.exe -h
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVI
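The poster says the difficulty with a log like the one above is knowing how to read it. As an added example (not part of the post, and not code from HijackThis, Malwarebytes or any of the tools named), here is a small Python parser for HijackThis log lines that turns the R0/R1, O1, O2, O3 and O4 entries into records and then applies the first triage a practitioner does by hand: flag autorun images that are unqualified (resolved through the search path at logon) or that live outside the Windows and Program Files trees, and flag hosts-file mappings of anything other than localhost. The sample input is constructed: a handful of lines copied from the log in this post, re-split one entry per line, plus one made-up `[updater]` entry that does not appear in the post and exists only so the triage has something to flag. The trusted-directory list and the executable-extension list are assumptions for the example, not HijackThis conventions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines taken from the HijackThis log in the post above,
# one entry per line, plus ONE made-up entry ("[updater]") that is NOT in the
# post and is included only to show what a flagged item looks like.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsunami.pt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Haute Secure Toolbar - {7792546F-70AE-4abc-B2B6-BE68E9410002} - C:\Program Files\Haute Secure\CtToolBand.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [HostsServer] "C:\Program Files\HostsMan\hostssrv.exe" --start
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updater] C:\Users\Public\svc.exe /silent
"""

@dataclass
class Entry:
    kind: str              # HijackThis section code: R0, R1, O1, O2, O3, O4, ...
    name: str              # Run value name, BHO/toolbar name, registry key, or "Hosts"
    target: str            # image/DLL path, URL, or hosts mapping ("" when empty)
    clsid: Optional[str]   # O2/O3 only
    hive: Optional[str]    # O4 only: HKLM, HKCU, HKUS\<sid>, ...
    raw: str

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
O2O3_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")

# Assumptions for the triage, not HijackThis rules.
EXE_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs")
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~1\\")

def image_path(cmd: str) -> str:
    """Extract the executable from a Run-value command line.

    Quoted paths end at the closing quote. Unquoted paths are printed by
    HijackThis exactly as stored, so a path containing spaces has no
    delimiter; tokens are joined until one ends in an executable extension.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    acc: List[str] = []
    for tok in tokens:
        acc.append(tok)
        if tok.lower().endswith(EXE_EXT):
            return " ".join(acc)
    return tokens[0] if tokens else ""

def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; header and 'Running processes' lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if kind in ("O2", "O3") and (m2 := O2O3_RE.match(body)):
            entries.append(Entry(kind, m2["name"], m2["path"].strip(), m2["clsid"].upper(), None, line))
        elif kind == "O4" and (m4 := O4_RE.match(body)):
            entries.append(Entry(kind, m4["name"], image_path(m4["cmd"]), None, m4["hive"], line))
        elif kind.startswith("R"):
            key, _, value = body.partition("=")   # first '=' separates key from value
            entries.append(Entry(kind, key.strip(), value.strip(), None, None, line))
        elif kind == "O1":
            entries.append(Entry(kind, "Hosts", body[len("Hosts: "):].strip(), None, None, line))
        else:
            entries.append(Entry(kind, body, "", None, None, line))  # unknown section: keep raw
    return entries

def summarize(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts

def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs worth a second look. A flag is a prompt, not a verdict."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        low = e.target.lower()
        if e.kind == "O4" and low:
            if "\\" not in low:
                findings.append((e, "unqualified image name; resolved via search path at logon"))
            elif not low.startswith(TRUSTED_DIRS):
                findings.append((e, "autorun image outside Windows/Program Files"))
        elif e.kind in ("O2", "O3") and not low.startswith(TRUSTED_DIRS):
            findings.append((e, "browser extension DLL outside Windows/Program Files"))
        elif e.kind == "O1":
            parts = e.target.split()
            if len(parts) >= 2 and parts[1].lower() not in ("localhost", "localhost.localdomain"):
                findings.append((e, "hosts file maps a non-localhost name"))
    return findings

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries by section:", summarize(parsed))
    for entry, reason in triage(parsed):
        print(f"[{entry.kind}] {entry.name!r} -> {entry.target}: {reason}")
```

Run against the constructed sample, the only two items flagged are the unqualified `RtHDVCpl.exe` (a vendor tray applet that happens to be launched by bare name, which is exactly the kind of entry a reader has to resolve by hand) and the made-up `[updater]` line under C:\Users\Public. Everything under Program Files passes, which is the point: the parser sorts the log into what needs checking and what does not, it does not decide whether a flagged file is malicious.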