Everything posted by Kristov

  1. Hi Rich, Thanks for the ultra prompt reply - excellent work.
  2. Hi, My full system scan today (Saturday 22 March 2014) on my XP Pro SP3 desktop revealed several PUP updater registry items now dealt with but also the following reported trojan which I believe to be a false positive: C:\WINDOWS2\system32\dllcache\cfgwiz.exe (Trojan.FakeMS). When checked on the VirusTotal website, the file was reported only by Malwarebytes out of a total of 5 different scans. I have attached the file in zipped form cfgwiz.zip for checking. Thank you.
  3. Hi sUBs, This is to confirm that, since running the update for Malwarebytes and then completing a full system scan, IZArcZip.dat previously reported as Trojan.Ransom, Converber.exe previously reported as Trojan.Injector and PhotoFiltre7\StudioEN.plg previously reported as Trojan.Ransom, are no longer reported. We can now say that this particular issue is resolved. Thank you for your efforts, regards Kristov.
  4. Hi sUBs, Thanks for getting back so quickly and for the reassurance your comment has given. Best regards.
  5. My System is Windows XP Pro SP3 with all crucial Windows updates. Today's (Saturday 03 November 2012) regular weekly manual scan of my system reported three possible trojans. All items have been scanned by other anti-malware software and have not been reported and Malwarebytes, before today's update prior to the scan, has not reported them. I have attached the logfile and zipped files of the reported files. Thank you. mbam-log-2012-11-03 (12-48-45).txt Converber.zip IZArcZip.zip StudioEN.zip
  6. Hi Maurice, As I said, in my previous reply to you, I would run the MBAM-clean sequence and then download and install Malwarebytes. I have now done this and am pleased to report that all went well and Malwarebytes is up and running properly on my system. I have just completed a full system scan (took about 1 hour 35 minutes which is not bad for my system) and this ran smoothly without problems and finding no suspect files. Thanks for your help, the problem for me is resolved. I hope the others posting here have their issues resolved with equal efficiency. Regards and Happy New Year.
  7. Hi Maurice, No, I did not run the MBAM-clean sequence. I will do as you suggest and report back. Thanks.
  8. Additional information to my previous post: Since posting, I have checked the Event Viewer which reports the following that may be of interest: Event Viewer information: Faulting application mbam.exe, version, faulting module mbamcore.dll, version, fault address 0x00060ae0 Data (Bytes): 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 6d 62 61 ure mba 0018: 6d 2e 65 78 65 20 31 2e m.exe 1. 0020: 36 30 2e 30 2e 35 39 20 60.0.59 0028: 69 6e 20 6d 62 61 6d 63 in mbamc 0030: 6f 72 65 2e 64 6c 6c 20 ore.dll 0038: 31 2e 36 30 2e 30 2e 35 0040: 32 20 61 74 20 6f 66 66 2 at off 0048: 73 65 74 20 30 30 30 36 set 0006 0050: 30 61 65 30 0d 0a 0ae0.. Data (Words); 0000: 6c707041 74616369 206e6f69 6c696146 0010: 20657275 61626d20 78652e6d 2e312065 0020: 302e3036 2039352e 6d206e69 636d6162 0030: 2e65726f 206c6c64 30362e31 352e302e 0040: 74612032 66666f20 20746573 36303030 0050: 30656130 0a0d
  9. I have also experienced similar problems to those previously reported in this topic. My system is Windows XP Professional SP3 running AVG 2012 Free anti-virus and Outpost Firewall 2009. I update and then run a Malwarebytes (free version) scan every Saturday. Today (Saturday 31 December 2011), I ran the updater which installed the latest version ( my PC. Immediately the program crashed generating a Windows error and asking if I wished to report to Microsoft. It seems that neither my firewall nor anti-virus application were a cause of the Malwarebytes problem. I uninstalled Malwarebytes and then reinstalled it but the problem persisted. I have now uninstalled Malwarebytes and cleaned the registry of all the Malwarebytes references that I could find. I now await a fix for the problem before I reinstall Malwarebytes which, up to now, has been a useful and valuable part of the security on my system. Presumably news of the progress of this issue will be issued in this forum topic so I shall monitor the posts with interest.
  10. Hi David and Shadowwar, Thanks for your related links and clear explanation relating to my post. I don't think there was anything sinister in the CNET file as I was given the option not to install the unwanted bits but, as this option could easily have been missed and the unwanted items installed, I shall look for other sites for items such as GMER in future.
  11. Hi, I downloaded an application from the CNET site. Initially the site provides an exe file that must be run to obtain the installer for the required application (in this case, GMER). It is the initial file that Malwarebytes identified as a PUP Adware downloader. I feel sure that the file is ok - it was picked up neither by my AVG 2012 anti-virus software background operation nor its full system scan. The appropriate files are attached. Thanks. cnet2_rt60ln90_exe.zip mbam-log-2011-12-24 (12-57-21).txt
  12. Hi Shadowwar, Thank you for your post. After the next update, should I restore the affected registry keys or are they surplus anyway? Since quarantining them, my system has not developed any odd behaviour but I do not know if they are important for any applications I have not used since Malwarebytes reported them as Trojans. Any advice would be much appreciated. Thanks.
  13. Hi Lucie, Yes, thanks for that link - as well as the recent reports, I was also able to find references to the same false positive occurring a few months ago. It seems odd that it was resolved then but has cropped up again after an update. If I understand correctly, the reporting of possible malware by Malwarebytes that is found only in registry keys and not linked to other folders on the system, suggests it is the residue of something cleared by anti-virus software previously and is in itself harmless. AVG Anti-Virus 2011 has not reported anything for many months so I am a little puzzled but I have, however, quarantined the affected registry keys anyway. If, after a few weeks, there are no system problems, I will delete them entirely.
  14. Thanks for your reply Lucie and the link to the related set of posts. I use AVG 2011 Free on my system and do full system scans every weekend followed by a Malwarebytes scan. AVG has not picked up anything for months and neither has Malwarebytes until today when I scanned immediately after updating. I notice that the threats/false positives mentioned, in the posts you kindly directed me towards, were some time ago (last April in one case), so it is strange that previous Malwarebytes scans did not find anything on my system (false or otherwise) as I am sure the registry keys detected this time are not new.
  15. Hi, The attached logfile shows what I believe to be a false positive but for the time being I have quarantined the suspect keys. I would be grateful for any reassurance that this is indeed a false positive. If it is not, is my system now safe now that the keys are quarantined and should deletion be my next step? Thanks. mbam-log-2011-07-23 (13-38-22).zip
  16. Hi sUBs, Thanks for your very quick reply. Yes you are right, Nirsoft did make ProduKey. Somehow the ProduKey files got into the folder containing the unzipped GMER program. I am not sure how that happened but I have removed them from my system. Sorry to have troubled you and best regards.
  17. Hi, My regular weekly Malwarebytes scan today (Saturday 30 April 2010) picked up the GMER executable file Produkey.Exe in my recent download. Other security software has not found any problem with the file so I have attached a zipped copy of the file together with the log of the scan. My computer's operating system is Windows XP Professional SP3. I hope I have provided sufficient information. Thank you. mbam-log-2011-04-30 (21-42-25).txt ProduKey.zip
  18. Thanks nosirrah, I've scanned the file today after updates for Malwarebytes and there were no problems with the file this time.
  19. Today, after updating Malwarebytes, I ran a scan which reported a file as containing trojan.banker. The file, deltreew.exe, has been on my system for some time and has neither been reported by my other security software nor by Malwarebytes before today's update. I checked a previous backup of the file and that is also now picked up by Malwarebytes as containing trojan.banker although it was cleared by Malwarebytes before. It seems, therefore, that the file in question has not recently been infected. The log of the scan is as follows: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4340 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23/07/2010 10:26:53 mbam-log-2010-07-23 (10-26-53).txt Scan type: Full scan (C:\|H:\|I:\|J:\|) Objects scanned: 218686 Time elapsed: 1 hour(s), 9 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\DRIVERS\NECMENU\DELTREEW.EXE (Trojan.Banker) -> Quarantined and deleted successfully. I have a zipped copy of the file in a folder on my desktop but it has been removed by Malwarebytes from its original location. Could this be a false positive as none of my other security software picks it up? Thanks DELTREEW.zip