sandybeach

Members
  • Posts

    14
Reputation

0 Neutral
  1. Hi, AdvancedSetup! Thanks ever so much for your quick & definitive reply. I'll notify SAS of the F.P. later tonight. Best Wishes for the Happy Holidays at hand!! Malwarebytes Rocks!!! Sandy
  2. The file is located here: C:\program files\malwarebytes anti-malware (chameleon ) svchost.exe. For 1st time ever SAS found & tagged it as a "trojan dropper/svchost fake". I suspect it's a false positive so didn't quarantine it. In other posts here I saw the chameleon seemingly listed as part of MBAM. Thanks! Sandy P.S. I'm posting this on an XP laptop w/ Firefox. I previously tried to post w/ my old Sea Monkey 1.x and COULD sign in & enter "topic title" line but could not enter/type into the main post (no cursor showed, the main post box just moved up or down). So could not post at all!! Aaargh!
  3. Just final update: After latest update, scans completely clear!! Thank you ever so much for your time & expert help! As always, great service! Best wishes to all my friends here. Sandy
  4. Thanks for quick reply, nosirrah! Will do & have a great new year!! Sandy
  5. Hi, Again! I MUST be suffering from NYE brain freeze!!! After seeing posts by "MAM" & "Hayton" here: http://forums.malwarebytes.org/index.php?showtopic=71629 I think I can breathe easier! Sandy
  6. OOPS!!! Just realized that you have a separate forum for FP'S!! My BAD!!! Please relocate to correct forum! Thanks, Sandy
  7. Have run MBAM scan every night always clean. Last night (Jan 1st/2011) scan suddenly popped 6 trojans (?) current:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5432

     Findings:

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{5F327514-6C5E-4d60-8F16-D07FA08A78ED} (Trojan.Downloader) -> No action taken.
     HKEY_CLASSES_ROOT\TypeLib\{D4D8199E-E376-4D57-8B08-BBF87E1F36B1} (Trojan.Downloader) -> No action taken.
     HKEY_CLASSES_ROOT\Interface\{11178075-25D2-4C9C-8087-4C36924091E1} (Trojan.Downloader) -> No action taken.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F327514-6C5E-4D60-8F16-D07FA08A78ED} (Trojan.Downloader) -> Value: {5F327514-6C5E-4D60-8F16-D07FA08A78ED} -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\system32\wuaueng.dll (Trojan.Downloader) -> No action taken.
     c:\WINDOWS\system32\dllcache\wuaueng.dll (Trojan.Downloader) -> No action taken.

     ********************

     Have temporarily placed in "ignore list" until find out more. All seem to be legit Win update files best as I can tell from Googling. Needless to say I'm rather afraid to wander the web with this outstanding! Since this is an old OS, Win update disabled & unused anytime in last 6 months. Main A/V is Sunbelt Vipre trial version (1st thought MBAM was finding Vipre as trojan). Also have SAS, Stinger, Blacklight. All seem to report clean. Please try to confirm real/False positive asap. Thanks for your attention!! Sandy
  8. Hi! Thanks for responding! It's actually his father's machine. His original post started this way: "Acer Aspire 3680 Laptop running Vista. I installed Ad Aware, Malaware Bytes Anti Malware, and Avira. I am unable to download updates of any of them. It is not an internet issue as I can go online." Thru multi posts I variously had him disable AAW, try sys restore, check his dns & net connections, no proxy and manually update MBAM & linked him to exile 360 post. After admitting the IE story, I had him download SAS & manually update & run their repair tools for IE policies & LSP chain repair & scan. Also manually check IE settings to default just in case. Suggested firewall settings, UAC, Security Center settings. Said he'd tried all. No infections found. No Luck. I admitted I was getting low on ideas suggested he might try here and link to this thread to avoid duplication and suggested others may have ideas. Only "others" response there was basically too many protectors. **** After that he seems to have abandoned the thread (can't blame him). **** I suspect his father probably had Norton or McAfee on the machine originally don't know if removal tools were used. Never replied with what firewall in use. In other forums he'd posted problems getting 6 machines to work on a non server windows OS network (apparently 5 is the limit) & suspect his father's machine is or was to be one of the 6. Unless he posts here, I'm considering the thread closed & thanks again for the time & effort! of you BOTH!! :-) Sandy
  9. Hi Again, Sam!! The poster has tried numerous things including all of your leads as well as my own & still says "No Luck". He later posted that his IE 8 (& IE 7 before that) won't work at all & gets on the net via Mozilla now. I'm out of ideas now. I've suggested that he try posting here & to please link to this string to avoid duplication. Thanks again for your time & help! Sandy
  10. Hi, Sam!! Thanks for a most extensive course of action re fixing the EC732!! Also ..Thanks for the New Version 1.45 delivered & installed successfully this evening! Went in like a dream as usual! The request was for another poster elsewhere having the problem so I will link him to my post w/ your reply. Hopefully, my earlier advice will have been enough but just in case.... I believe it's in the firewall and probably didn't get ALL the different files ok'd there. Great service as always here! Thanks again & will post back with results or forward him here if negative. Sandy
  11. What problem does Error Code 732 (12029, 0) indicate?? Suspect it may have to do w/ internet access? Firewall permissions? Vista OS. TIA!!! Sandy
  12. REPLY: Thank you for your reply AdvancedSetup, I have NO REASON to believe I'm currently or recently infected. I have in the last 2 days run full scans with up to date MBAM, SuperAntispyware, Adaware1.06SE, Spybot1.6, F-Secure Blacklight, Stinger, AVG AS 7.5, AVG Anti-Rootkit (discontinued), & completed HJT2.02 which I compared line by line with same completely clean scan from 11 months ago. ALL Active X's are disabled, all net bios items (like printer sharing, remote help etc.) are disabled along w/ Messenger Chat etc/etc. Machine as close to 1 way out as reasonably possible. There has been nothing found by any (not even tracking cookies) & the HJT have only 3 items changed beyond updated Sea Monkey Browser & Sun Java: added SAS, ERUNT\AUTOBACK.EXE and recent installed change to Open DNS. I have no symptoms of infection, nor any suspicious behavior by machine in performance, re-directed web sites or unusual activity in task mgr, CPU usage nor start-up items nor registry items changed according to S&D TT (no alerts). Port scans show stealth except for re-directed to nowhere url for port#113. I only posted item as a possible F.P. as a FYI in case others have similar result on that file or in case my MBAM had become corrupt, which I have no reason to believe. Just to be safe, I'm going to delete the .Rar & its text files which I only had as a possible future need anyway & delete whatever is in the MBAM quarantine. Since machine is still happy. Personally, I've always suspected Panda of too many FP's & seeing "you may need to turn off AV & Firewall & put in trusted zone" (I never allow anything or one in there) & re-activate all those A-X's would give me nightmares. I thank your Time & for offer of help, which, perhaps, at a future time I may well require. I love your program & fast service/response to inquiries. Keep up the good work on our behalf! Sandy
  13. OOPS!! Just noticed that the infected file indicated is the TEXT description/Instruction (notepad) I saved along w/ the .Rar. Weirder still!!
  14. First Post so will be excessive I'm sure. Will Give All I Can: Followed a Norton link to a .Rar fix for the above malware to save for possible future need: http://net-studio.org/application/brastk.php It downloaded perfectly w/ all 403Kb and was saved to "My Documents" where I proceeded to right click scan the file with: 1) AVG Anti-Spy 7.5 2) Malwarebytes Anti-Malware (MBAM.exe) 3) Spybot 1.6 In every case reported "nothing found" so I was happy enough! Later that evening, as usual, I ran a full system scan w/ MBAM.exe which returned 1 "infection" in my "settings & desktop" (?) BrastkRemover.rar. NOT in My Docs! Perhaps it includes "my docs" as part of my "settings & desktop". I used the program to remove it to the quarantine area where I have left it. Being confused by this strange finding (F.P.?) I went to "My Docs" and lo & behold, the .Rar file was still there (not removed)!! A "Copy" appears in the quarantine. (??)! I'm assuming this is a false positive but the not finding & then finding/ removing & not removing has me a little befuddled. Having been suggested I post it here & see instructions for Developer version, I went back & did one which found nothing. So maybe you already fixed via update? Anyway, I've copy & pasted both the original "Infected".log & the "clean" developer log (I hope as visually, to me, there's no indication which is developer version, might help to add distinguishing notation, for when separating from main log list). Thanks for scratching your heads on this one!!! System info if needed just ask.

      Infected log:

      Malwarebytes' Anti-Malware 1.30
      Database version: 1361
      Windows 5.1.2600 Service Pack 1

      11/4/2008 6:34:25 AM
      mbam-log-2008-11-04 (06-34-25).txt

      Scan type: Full Scan (C:\|)
      Objects scanned: 80922
      Time elapsed: 26 minute(s), 9 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Documents and Settings\Sandy\Desktop\ANTIVIRUS 2009 BRASTK REMOVAL.TXT (Rogue.Antivirus) -> Quarantined and deleted successfully.

      ***************************************

      Developer Log (clean):

      Malwarebytes' Anti-Malware 1.30
      Database version: 1367
      Windows 5.1.2600 Service Pack 1

      11/5/2008 6:09:02 AM
      mbam-log-2008-11-05 (06-09-02).txt

      Scan type: Full Scan (C:\|)
      Objects scanned: 80675
      Time elapsed: 22 minute(s), 3 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Ideas?? Sandy