Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Thank you for your response Mieke, that's not encouraging.
  2. I sure hope my posts made sense and I haven't offended anyone. I don't want to be a pain but, A question w/o an answer makes me lose sleep. lol Anyway here goes again; Can one rely on the dates Windows Explorer displays? I just want to know if a file can be modified or one added on the Windows file system without the dates reflecting that operation? I know it sounds like a MS question but, I have asked before on other forums and have not received a definitive answer. Thanks for allowing me to post here. Also, I ran MB scan this a.m. with DB 3949 and all's quiet on the southeastern front.
  3. I don't mean to beat this horse to death but, I have a couple dozen System Restore points going back to Feb. and yet MB is only picking up, what I presume to be the offending AWhelper.dll file, in two of them. Is MB basing it's finding on attributes instead of file content? Sorry, just a curious thought here. p.s. Was DB ver. 3947 suppose to fix the false positive?
  4. No change: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3947 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 4/2/2010 12:25:01 PM mbam-log-2010-04-02 (12-25-01).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 187325 Time elapsed: 30 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0092157.dll (AdWare.WebHancer) -> No action taken. C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP445\A0093043.dll (AdWare.WebHancer) -> No action taken. C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> No action taken.
  5. Sorry jumped before reading your last post. I'll try another DL.
  6. Per your advice, I downloaded the latest DB and ran a full scan. AWhelper.dll and two system restore files were found to be Adware.WebHancer infected.
  7. Oh, in case this means anything, I have run MB full scan a couple time since reporting here and AWhelper.dll is still detected as MW but, those registry entries it caught then (listed in my previous post) have not been reported since. ???
  8. Sorry, I had connection problems, then got logged out. Anyways thanks for the zip lesson and here is the zipped file to compare with Amethyst's. AWhelper.zip
  9. Sorry I've unzipped before but, never zipped. I don't think I even have the application.
  10. I tried and your system says I am "not allowed to upload this type of file". I am trying again on this post.
  11. I didn't finish the sentence; why has MWB suddenly determined AWhelper.dll to be adware infected.... Did they follow Kaspersky and F-Secure?
  12. OK, here's my "real" question/concern: Can any type of system intrusion modify or replace an existing file or even place a new one onto the file system and not have the "modified/created" date stamp reflect this operation? My reasoning for asking this is, why has MWB suddenly determined AWhelper.dll? This file has a modified date (08/12/2003) which I presume to be the original WinXP OS HP creation date and (03/29/2006) which is my "system reinstall" date. I hope at this point I have not overstayed my welcome here but, here's something interesting. The Web folder has a creation/modified date of 11/14/2005 but, the Wallpaper subfolder has the same creation date but a modified date 01/02/2009 and yet neither the Welcome subfolder or it's contents nor any of the windows wallpaper files have a modified date beyond 03/29/2006. Is this not right or am I missing something. Please don't shoot the messenger. Thanks
  13. I re-read my last post. I meant by "one more time", that I am trying to limit my posts.lol Hope MWB folks have an answer soon.
  14. One more time Amethyst. I just ran another Full and A Quick scan with SAS and both found no malware adware or spyware. Ok i'll be quiet till we here something from the MAB folks.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.