jerryc

This may be a legitimate file that was not cleaned by uninstallation of combo-fix by subs. developers' log: Malwarebytes' Anti-Malware 1.41 Database version: 3168 Windows 5.1.2600 Service Pack 3 11/14/2009 8:45:17 AM mbam-log-2009-11-14 (08-44-59).txt Scan type: Full Scan (C:\|) Objects scanned: 132356 Time elapsed: 15 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\32788R22FWJFW\Combo-Fix.sys (Rootkit.Agent) -> No action taken. [5253514247405230518080857674851534727079851301181717251301222120342236233922362 32620202025202322362321193824172321231913014755]

Well, that is interesting, elitekiller, thanks.

Hi all, New to this board. MB is an incredibly effective program in removing nasties other AV's could not remove. Good job. Now I update and find the same rootkit others have said MB found: backdoor.bot located in msconfig. I removed it to quarantine section of MB but am thinking like those posters above that it is a false positive. I rescanned with MB and it again finds the backdoor.bot Unlike ghot, I am able to run msconfig from the run box. Any advice?