Cheemag

In short a reinstall. Thanks. I'll get back if it doesn't work. Regards, Cheemag

Mbamgui.exe /starttray does not start at boot time - it's in the startup but it has to be started manually. Windows-7 Professional 64-bit SP-1 with MBAM Pro, Avast! Free and Zone Alarm Free. Suggestions? Regards, Cheemag

Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.26.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Jim :: BB [administrator] Protection: Enabled 26/06/2012 18:13:56 mbam-log-2012-06-26 (18-33-12).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 239016 Time elapsed: 18 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Download\installfreefileopener_1556.exe (PUP.BundleInstaller.IQ) -> No action taken. [90fa9c5c28348ea84b59cfe0a45cb44c] (end)

I've determined that these occur only when Firefox is open and TcpView confirms that they are coming from Firefox. Must be an add-on. I'll try deleting them all and adding them one by one. Regards, cheemag

Thank you very much for that useful information. It hasn't come up since, but I'm keeping an eye on the situation with TcpView. Again thanks; -- Cheemag

This morning MWB is persistently blocking outgoing access to 199.27.135.184. I don't understand the concept of outgoing access. Does this mean malware on my computer is trying to contact 199.27.135.184. MWB scans find nothing. Avast scans find nothing. -- Regards, Cheemag

It wasn't found on a scan, it just popped up: SnapDb twice, the Autohotkey one once. The programmes were declared clean by Avast and MWMB after download. Nonetheless, I'll update and scan again. Regards, Cheemag

MWB reports SnapDb_ansi.exe and autohotkeysc.bin as containing trojan backdoors. I cannot believe either of these harbour malware. This only happens in XP SP-3, not in Windows-7 64-bit. Comments?

I did all of that to no avail, the second item was still in the startup. I just deleted it.

After installing v1.51.0.1200 I get a message at boot-time to the effect that MWB is already running. I have two instances of MWB in my startup: mbamgui.exe /starttray and a just plain mbamgui.exe so I assume one or the other will have to deleted. Presumably the latter? Regards, Cheemag

Unfortunately I don't now know the URL for the site from which I got the infected file. There are many offering Firefox downloads besides Mozilla itself. You mean by getting a support ticket?

The Savetubevideo thing isn't a virus, it's a "search hijacker", and in retrospect probably not detectable by either an AV or by MWB. Won't be necessary. The usual method of removing this nuisance is by deleting files and folders. Oddly, although I found one folder, it was empty. I suspect that I had downloaded an infected copy of Firefox from what appeared to be the Mozilla site. Uninstalling that and getting a fresh copy of FF seems to have solved the problem. Neither MWB nor the ESet scanner can find anything except the AOA Audio Converter, which the latter considers a threat. Thanks for the response.

After re-installing Firefox I became infected by Landing.savetubevideo.com. MWB did not prevent the infection nor did it detect it during a full system scan after the event. StopZilla detected it - and found four other infections which do not in fact exist on my machine. It demanded payment to remove the existent and non-existent infections! I presume StopZilla is scareware, but I would have expected MWB to have either prevented the infection or to have detected and removed it.

MWB is throwing up a false positive for the following, which seems to be an Avast antivirus site in Chicago: Today, 15 January 2011. 10:55:59 Jim IP-BLOCK 67.228.77.19 (Type: outgoing) 10:56:01 Jim IP-BLOCK 67.228.77.19 (Type: outgoing) 10:56:07 Jim IP-BLOCK 67.228.77.19 (Type: outgoing) 14:57:41 Jim IP-BLOCK 67.228.77.19 (Type: outgoing) 14:57:44 Jim IP-BLOCK 67.228.77.19 (Type: outgoing) 14:57:50 Jim IP-BLOCK 67.228.77.19 (Type: outgoing) This could probably prevent me from getting Avast updates? Regards, Cheemag.

That worked! Let's hope it sticks.