Bosnine

Everything posted by Bosnine

  1. Nosirrah, Thanks. I appreciate the explanation as well. Happy New Year to you.
  2. Thanks for the reply. I did update the program to database 1596 this morning and ran a scan. The scan didn't pick up the two files, and showed no infected files. I was thinking the srvany.exe listing in Windows Resource Kits was a false positive. Didn't know what to make of the System Volume Information file. You feel both files were nothing to be concerned about? Thanks again for your help.
  3. Hello, I ran a scan earlier today and received a positive for Trojan.Zapchast. My initial scan was with database 1590. I updated twice to db 1592 and the program was still identifying the infection. The update identified an additional positive for the same trojan in System Volume Information. I'm not sure if this is a false positive or an actual infection. I searched Google and checked ProcessLibrary.com for srvany.exe. Seems to be a legit Windows system process. I'm posting my scan results for review. Thanks very much for any assistance.

     Malwarebytes' Anti-Malware 1.31
     Database version: 1592
     Windows 5.1.2600 Service Pack 3

     1/1/2009 10:27:51 PM
     mbam-log-2009-01-01 (22-27-47).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 114878
     Time elapsed: 31 minute(s), 19 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Program Files\Windows Resource Kits\Tools\srvany.exe (Trojan.Zapchast) -> No action taken. [4134524130538380756679155966816873668485130121232022262022716826241968222519232 01967712122681923677168671770]
     C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1932\A0457293.exe (Trojan.Zapchast) -> No action taken. [4134524130538380756679155966816873668485130121232022262022716826241968222519232 01967712122681923677168671770]
  4. melboy, thanks for the warm welcome. I reviewed your link. My experience was like jscottpanama. Malwarebytes quarantined and deleted the false positive. It didn't save a copy in quarantine for me to restore. I had two false positives yesterday. The other was with AVG 7.5. I was able to restore that one. With Malwarebytes, I decided to attempt a system restore to the previous day. I encountered the same kind of validation problems as jscottpanama. I entered the Microsoft CoA key code from my label and Windows XP did not accept it. I basically had to follow up on the telephone activation option. After some tediousness, I was able to enter a code to log into XP. The system restore was successful as well. Although I didn't see that oembios.dat was restored to the System 32 folder. The problem did mess up my AVG 7.5. I had to upgrade to AVG 8.0 which I had to do anyway. I take it that oembios.dat is related to the Windows authentication process. My question would be does it serve any other purpose? It seems I can log on okay. Should I just leave it where it is? I appreciate all the posts on the thread. Posts by yourself, ky331 and nosirrah have been very helpful.
  5. Hi, this is a first time post. Today has been a day of false positives. I ran the program and also obtained the false positive on oembios.dat. However, unlike other users, my program quarantined and deleted the file. What steps if any should I take to restore this file? Thank you for your time and assistance. Copy of scan log.

     Malwarebytes' Anti-Malware 1.25
     Database version: 1083
     Windows 5.1.2600 Service Pack 3

     5:51:05 PM 8/24/2008
     mbam-log-08-24-2008 (17-51-05).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 101749
     Time elapsed: 46 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\SYSTEM32\oembios.dat (Trojan.Agent) -> Quarantined and deleted successfully.