Posts posted by Kajisight

  1. What operating system are you using? There is a delay in many cases of IP alerts. If you navigate away from the page too quickly, you won't get an alert. I've experienced this myself on my own system.

    OS: Windows XP Home Edition

    I tried going to "http://iptest.malwarebytes.org/" to test it, the log shows it blocked it but I never saw an alert. I even left it trying to open the page for a minute just in case.

  2. I started picking this up today also. I ran a full scan yesterday and nothing, today 15 items and counting. I only visited a few pretty well trusted forums today, so it didn't seem likely, then I checked in here. Since it looked suspicious I aborted and will run in "Developer Mode" as soon as I've posted.

    Thank you so much for replying, knowing I'm not the only one made me feel better. Anytime a scan picks up something my heart skips a beat lol.

  3. I just ran a quick scan and it found 19 infections, I then ran the scan in the developer mode.

    Malwarebytes' Anti-Malware 1.41

    Database version: 2880

    Windows 5.1.2600 Service Pack 2

    9/30/2009 10:15:29 PM

    mbam-log-2009-09-30 (22-15-27).txt

    Scan type: Quick Scan

    Objects scanned: 92798

    Time elapsed: 1 minute(s), 33 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 17

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\TypeLib\{90f3d7b3-92e7-44ba-b444-6a8e2a3bc375} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\Interface\{4921908c-7090-4d37-a6b3-fc447f08378a} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\Interface\{750fc67c-0311-4391-9864-a2efed49bd28} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\Interface\{f3fc950c-7583-4377-bad8-efbeaa33273c} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{0944d16c-d0f4-4389-982a-a085595a9eb3} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{5954ea75-9bfa-461a-bd34-cea3a861ff19} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{a5704c37-40da-49ef-904b-97e5f5f9b1c5} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430} (Trojan.Agent) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655} (Trojan.Agent) -> No action taken.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\actskin4.ocx (Trojan.Agent) -> No action taken.

    I uploaded the actskin4.ocx file to VirusTotal, here's the link to the results. (Only 1 scanner on VirusTotal found something, it was eSafe that detected "Win32.Flooder.IM.VB." Since just 1 at VT found it, it prolly is a FP?)

  4. Updated and then restored the file that was in quarantine, and scanned after doing that and it all came up clean. Thanks for the quick replies guys, you guys are so fast when it comes to fixing FPs.

  5. I have the same problem. This is FP :)

    Thank you for posting! I feel so much better knowing I'm not the only one, should we wait for a reply before we let MBAM take it out of quarantine and back to where it was?

  6. I scanned my computer with MBAM and it found nothing, I had Database version: 1708 at the time and it found nothing. Then I clicked update after the scan and let it up so scanned again and it found this.

    Malwarebytes' Anti-Malware 1.33

    Database version: 1709

    Windows 5.1.2600 Service Pack 2

    1/30/2009 1:16:40 PM

    mbam-log-2009-01-30 (13-16-40).txt

    Scan type: Quick Scan

    Objects scanned: 50705

    Time elapsed: 3 minute(s), 6 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\drivers\beep.sys (Trojan.Patched) -> Quarantined and deleted successfully.

    I let MBAM remove it and let it reboot like it said. After the reboot I scanned again and it found nothing, should I be clean now if it's not a FP?

  7. Sorry that I didn't read the "Before reporting" thread before posting the above, I will post what it told me to.

    Malwarebytes' Anti-Malware 1.28

    Database version: 1229

    Windows 5.1.2600 Service Pack 2

    10/4/2008 7:58:19 PM

    mbam-log-2008-10-04 (19-58-17).txt

    Scan type: Quick Scan

    Objects scanned: 44833

    Time elapsed: 48 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 13

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Documents and Settings\Blake\Local Settings\Temp\_is3.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is4.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is5.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is6.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is7.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is93.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_isF7.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is1.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is11.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is1C.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is1D.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is2.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is23.exe (Rogue.Installer) -> No action taken.

  8. I updated to DB 1229 and ran a quick scan and found this.

    Malwarebytes' Anti-Malware 1.28

    Database version: 1229

    Windows 5.1.2600 Service Pack 2

    10/4/2008 7:32:38 PM

    mbam-log-2008-10-04 (19-32-36).txt

    Scan type: Quick Scan

    Objects scanned: 44708

    Time elapsed: 1 minute(s), 56 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 13

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Documents and Settings\Blake\Local Settings\Temp\_is3.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is4.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is5.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is6.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is7.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is93.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_isF7.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is1.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is11.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is1C.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is1D.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is2.exe (Rogue.Installer) -> No action taken.

    C:\Documents and Settings\Blake\Local Settings\Temp\_is23.exe (Rogue.Installer) -> No action taken.

    I uploaded each file to VirusTotal and they all came back clean, since they all came back clean should I just ignore it?
