Posts posted by wharfrat

  1. Good, but it's not enough. I suggest you follow my instructions.

    I think I'm O.K. now. Mbam found the file that I suspected and removed it this afternoon, so I didn't go further.

    Reason Mbam didn't find it the first time is that I couldn't update. I thought it was because I was in safe mode. When I discovered that I couldn't get online with IE, and could with Firefox, I found that my connection settings had been changed as well. Restored them, updated Mbam and it nailed it immediately.

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4464

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    8/22/2010 5:56:31 PM

    mbam-log-2010-08-22 (17-56-31).txt

    Scan type: Quick scan

    Objects scanned: 131273

    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\$RECYCLE.BIN\S-1-5-21-1435290023-205703798-4205854837-1000\$RSS9JZX\inmyehishdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

    Ran both quick and full scan afterwards and I'm clean.

    Thank you.

  2. Borislav,

    Hi and thank you.

    I think that I may have got rid of it myself while waiting for your response.

    I'll tell you what I did and if you think that I should do more, I will follow instructions.

    This was a little tricky bugger. After Mbam said it deleted it and it's still going, I booted again into safe mode, ran Mbam again and it said I was clean which obviously wasn't so as I was getting popups all over the place.

    I went into Msconfig, found a new item called "xskecdrp" linked to a file named "inmyhisdw.exe".

    Neither pacs-portal, bleepingcomputer or a Google search had any info on either of these.

    Went back into Msconfig, took xskecdrp out of Startup, then deleted the entire folder that inmyhisdw.exe was in/created.

    Rebooted and everything seems to be fine. Mbam runs, no popups, etc.

    Do I need to do more and how will I know for sure that I'm clean as Avast never found it and Mbam didn't find it the second time?

  3. Got that phony Windows security warning to buy that crappy a-v software.

    Mbam wouldn't start.

    Started Win7 in safe mode, ran mbam, found trojan.dropper, removed it, then rebooted.

    It's still there and mbam still won't run.

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4056

    Windows 6.1.7600 (Safe Mode)

    Internet Explorer 8.0.7600.16385

    8/19/2010 7:26:03 AM

    mbam-log-2010-08-19 (07-26-03).txt

    Scan type: Full scan (C:\|D:\|)

    Objects scanned: 216847

    Time elapsed: 22 minute(s), 44 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Users\wharf\AppData\Local\Temp\0.6929776949982932.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
