tedus987

Everything posted by tedus987

  1. Hi, I've recently turned this PC on after it being off for almost a year and ran MBAM. Now, before the long hiatus the MBAM scans came back clean for over 2 years, however this machine was infected and cleaned near the start of its long run. I wanted to check if the registry keys in this report are an FP or maybe remnants left unnoticed. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08/06/2016 Scan Time: 07:17 Logfile: mbam report.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.08.02 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Luke Scan Type: Custom Scan Result: Completed Objects Scanned: 792234 Time Elapsed: 2 hr, 39 min, 43 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 4 PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8859D5A8-E3B8-4918-BE0E-BB129F285742}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, , [176b9f5b0c8d51e554f4d10bb84b0bf5] PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{17C7CAB3-6D64-4B3A-ACE0-791D67CBE4B0}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\System32\dmwu.exe|Name=dmwu|, , [9ce6d624b5e432047ccc1ebe986b5ea2] PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{63ABBC34-2F8B-4643-8E01-3C32056E0836}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\System32\ARFC\wrtc.exe|Name=wrtc|, , [5c26dd1d8e0b7db93f08ac3016edd828] PUP.Optional.Perion, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{513521C8-FFCD-4D60-A547-D34E49105B89}, v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\System32\ARFC\wrtc.exe|Name=wrtc|, , [6121b04ad9c059dd9cab914b669dde22] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 5 PUP.Optional.Conduit, C:\Users\Luke\Downloads\clean.exe, , [dfa3cf2b910852e40691773bb44d8b75], PUP.Optional.Conduit, C:\Users\Luke\Downloads\zafwSetupWeb_110_000_054.exe, , [ee948179b7e285b10e8902b022df34cc], PUP.Optional.Conduit, C:\Users\Luke\Downloads\ZASPSetupWeb_110_000_054(1).exe, , [bec4d42658416ec81f78456d3ec33fc1], PUP.Optional.Conduit, C:\Users\Luke\Downloads\ZASPSetupWeb_110_000_054.exe, , [354df9019efb6dc9d2c5c1f14fb256aa], PUP.Optional.Conduit, C:\Users\Luke\Downloads\ZASPSetupWeb_120_104_000.exe, , [6b172ad01f7aa591dfb8f8ba6a977d83], Physical Sectors: 0 (No malicious items detected) (end) I have deleted the old zone alarm files, my main concern is the registry keys.
  2. By removed I meant deleted, sorry I'm not so good at picking my words sometimes.
  3. Thanks, already removed them after I posted since they were three years old.
  4. Hi, just thought I’d post this, MBAM detected some old zone alarm installer from back in the day, have attached log and files. I’m aware that it might be due to the fact that zone alarm offered to have a search bar add-on powered by conduit but I’ve made sure to never install it. Since the files are old (3 years) I’m going to delete them anyway, however I thought it would be best to check if they were FPs while I had the chance. MBAM possible FP.txt old zone alarm installers.zip
  5. hi malwarebytes detected this, FP? Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 23/03/2015 Scan Time: 17:34:11 Logfile: false positive 23032015.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.03.23.05 Rootkit Database: v2015.02.25.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User Scan Type: Custom Scan Result: Completed Objects Scanned: 665804 Time Elapsed: 1 hr, 11 min, 18 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 3 Trojan.Dropper, C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe, No Action By User, [1297a67cb1d973c3ae82ed4c44becc34], Trojan.Dropper, C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe, No Action By User, [f1b840e2f09a50e6be7268d112f00df3], Trojan.Dropper, C:\Program Files (x86)\Google\Update\Install\{6D021DAD-46F4-45D9-8637-72BB35912FCB}\GoogleUpdateSetup.exe, No Action By User, [3475ee34f7931d1963cd9b9e22e015eb], Physical Sectors: 0 (No malicious items detected) (end) GoogleUpdateSetup.zip
  6. yeah i just got these as a detection but these files have been on since i first booted my PC virus total gives them 1/61 as a detection Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 27/01/2015 Scan Time: 16:29:19 Logfile: Malwarebytes log 270115.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.27.07 Rootkit Database: v2015.01.14.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Luke Scan Type: Custom Scan Result: Completed Objects Scanned: 827293 Time Elapsed: 2 hr, 44 min, 17 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 Trojan.Chrome.INJ, C:\Program Files (x86)\CyberLink\PowerDVD10\AudioFilter\dcv.dll, , [a4ad20d7d6b30a2c59568987689d34cc], Trojan.Chrome.INJ, C:\Program Files (x86)\CyberLink\PowerDVD10\AudioFilter\dec51.dll, , [72df1ddaa3e63ff7149ce52bbd48b34d], Physical Sectors: 0 (No malicious items detected) (end) Malwarebytes log 270115.txt attacked files.zip
  7. OK, 48 hours, full turn off and on, 4 scans in to see if a second scan causes anything per day. No repeats of the incident. Looks like everything's OK, thanks for your time.
  8. 24 hours in and no repeat performance, scanned like normal, updated like normal. 24 more hours to go...
  9. OK, I'll just run my PC as normal for the next 48 hours and get back. If that hiccup happens again I'll get the logs. If not I'll consider the matter closed, I was just worried it might have done some damage.
  10. So I just started my PC after being a few days off and updated Malwarebytes before trying to scan. It then cropped up a SDKDatabaseLoadDefaults failed with code:2. I closed the scan down, restarted Malwarebytes and re-updated; once I restarted the scan it seemed to work fine. I'm just wondering, if it only crops up once do I just leave it alone or do I bring it up to you guys?
  11. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 24/07/2014 Scan Time: 12:28:14 Logfile: file detection.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.24.02 Rootkit Database: v2014.07.17.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Luke Fitton Scan Type: Custom Scan Result: Completed Objects Scanned: 359479 Time Elapsed: 35 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Spyware.Zbot.ED, C:\Users\Luke Fitton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5H4EBOF9\swflash[1].cab, , [861b3a66d5a6bd7920678c0f49b86799], Physical Sectors: 0 (No malicious items detected) (end) ------------------------------------------ virus total https://www.virustotal.com/en-gb/file/8485c657b67826883cb7415b4372681994380ced50018c4aec316f57c7a6b48d/analysis/1406203846/ ------------------------------------------ just want to check if it's an FP or not. swflash1.zip file detection.txt
  12. hi this was just detected on my GF's computer under E:\Installed Games\Steam\SteamApps\common\gamemaker_studio she's had this app for a good 6 months so i suspect it to be a FP. MBAM log ------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 08/07/2014 Scan Time: 18:57:02 Logfile: MBAM FP log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.08.07 Rootkit Database: v2014.07.07.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User Scan Type: Custom Scan Result: Completed Objects Scanned: 538412 Time Elapsed: 1 hr, 11 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Trojan.Agent.JUXGen, E:\Installed Games\Steam\SteamApps\common\gamemaker_studio\Runner.exe, , [7b3bccd0e2993afc78991484e9185ba5], Physical Sectors: 0 (No malicious items detected) (end) ---------------------------------------------------------------------------------------------- Virus Total analysis https://www.virustotal.com/en/file/68d8ccb79b24013de758f19d033100f9269bb1ff0f601b1ef515af1f06b0a85a/analysis/1404847817/ ------------------------------------------------------------------------------------------------- see also attached log and a copy of the file in archived format. MBAM FP log.txt
  13. Yeah, I guessed as much after looking at the file path and realising it's a remnant of a long since removed virus back in January 2013, part of a website hack known as incredibar. Tried to download Paint.NET and all the download links were rigged to redirect to this...
  14. yeah, i guessed as much after looking at the file path and realising it's a remnant of a long since removed virus back in january 2013
  15. just want to check before taking action Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 13/04/2014 Scan Time: 21:26:27 Logfile: log false positive Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.13.04 Rootkit Database: v2014.03.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Luke Scan Type: Custom Scan Result: Completed Objects Scanned: 677132 Time Elapsed: 4 hr, 40 min, 31 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 2 PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, No Action By User, [0000a85824dc827e2c4f62af2dd503fd], PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, No Action By User, [0000a85824dc827e2c4f62af2dd503fd] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  16. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.02.19.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16518 User :: SARAHNEW-PC [administrator] 19/02/2014 15:38:30 MBAM-log-2014-02-19 (17-40-45).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 417815 Time elapsed: 32 minute(s), 46 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 2 C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> No action taken. [17fdba24b8c2181ec829027cdd2529d7] C:\ProgramData\boost_interprocess\F9212FAD64D6CE01 (PUP.Optional.BoostInterProcess.A) -> No action taken. [17fdba24b8c2181ec829027cdd2529d7] Files Detected: 4 C:\ProgramData\boost_interprocess\F9212FAD64D6CE01\32464C59-F24E-4E70-BE2A-07256BBD9738-55736572-0 (PUP.Optional.BoostInterProcess.A) -> No action taken. [17fdba24b8c2181ec829027cdd2529d7] C:\ProgramData\boost_interprocess\F9212FAD64D6CE01\32464C59-F24E-4E70-BE2A-07256BBD9738-55736572-1 (PUP.Optional.BoostInterProcess.A) -> No action taken. [17fdba24b8c2181ec829027cdd2529d7] C:\ProgramData\boost_interprocess\F9212FAD64D6CE01\7DE1BB05-2C11-431E-88A4-4BC43F8586BF-55736572 (PUP.Optional.BoostInterProcess.A) -> No action taken. [17fdba24b8c2181ec829027cdd2529d7] C:\ProgramData\boost_interprocess\F9212FAD64D6CE01\B2CBBFA0-9E58-474C-88C8-C01122A3474E-55736572 (PUP.Optional.BoostInterProcess.A) -> No action taken. [17fdba24b8c2181ec829027cdd2529d7] (end) boost_interprocess.zip
  17. Hi, I just ran Malwarebytes this morning and this cropped up in the results Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.28.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 User :: SARAHNEW-PC [administrator] 28/08/2013 18:39:40 MBAM-log-2013-08-28 (18-59-35).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 399894 Time elapsed: 18 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCR\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} (PUP.Optional.Delta.A) -> No action taken. [4c69b5d4b8b462d402cf9cad04fe9f61] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------------------------------------------------------------------------- The reason I'm questioning if this is a false positive or not is because of the false positives I received yesterday. Reference - http://forums.malwarebytes.org/index.php?showtopic=132015 -------------------------------------------------------------------------------------- Again I can't upload this to virus total since it's a registry key. If you wish me to upload my registry I can do. However I would like to know if this is a FP or not as soon as possible, thank you.
  18. OK, now I'm getting worried since normally I get a response by now. Is this a FP or not?
  19. Yeah, I think this is a false positive, can I ask to make sure? Here's the logs Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 User :: SARAHNEW-PC [administrator] 27/08/2013 19:04:59 MBAM-log-2013-08-27 (19-33-46).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 399281 Time elapsed: 26 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Users\User\AppData\Local\Temp\mt_ffx (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] C:\Users\User\AppData\Local\Temp\mt_ffx\Check Point Software Technologies LTD\zonealarm\1.8.11.11 (PUP.Optional.BundleInstaller.A) -> No action taken. [a7aa6029fa725cdafc56193f4db527d9] Files Detected: 0 (No malicious items detected) (end) ------------------------------------------------- Since they're folders I can't scan using virus total, however it's zone alarm. I've attached the folders, however each detection is just the next folder down. mt_ffx.zip
  20. also virus total showed 1/46 https://www.virustotal.com/en/file/14472bce8e87b2c59747b40b36c580527a302bd72ace39478dc68e4fdd21ff6e/analysis/1375007035/
  21. Hi, I just ran Malwarebytes on my GF's computer, it found that askInstallChecker-1.1.0.0.exe was a virus. I find this hard to believe since it was on the PC since she bought it (pre-delivery). Since then she's had it 3 months with no detection. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16635 User :: SARAHNEW-PC [administrator] 28/07/2013 11:28:23 MBAM-log-2013-07-28 (11-54-33).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 390820 Time elapsed: 25 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\User\Desktop\askInstallChecker-1.1.0.0.exe (Trojan.Fakealert) -> No action taken. [c2e00b57f7758caa1561380e6e939769] (end) Also attached the log file and a 7zip with the detection askInstallChecker-1.1.0.0.7z MBAM-log-2013-07-28 (11-54-33).txt
  22. OK, doing so on both PCs, I'll re-scan to make sure
  23. yeah more of the same on the old PC Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.15.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Luke Fitton :: LUKE-143F21AD47 [administrator] 15/02/2013 07:20:21 MBAM-log-2013-02-15 (11-53-14).txt Scan type: Full scan (C:\|E:\|G:\|H:\|I:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 698341 Time elapsed: 4 hour(s), 31 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7585478E9D9B42108671C12F8714CEFE} (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX Plus DirectShow Filters (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security Toolbar (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemRequirementsLab (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh Web Player Beta (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AEC81925-9C76-4707-84A9-40696C613ED3} (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3B11D799-48E0-48ED-BFD7-EA655676D8BB} (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Star Wars Knights of the Old Republic (Trojan.Backdoor.MRX) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SWKotOR2 (Trojan.Backdoor.MRX) -> No action taken. 
Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 48 C:\Documents and Settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\Converter\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DesktopService\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DivXMediaServer\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. 
C:\Documents and Settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\OVSHelper\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\Player\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\FGNQA6GS\Installer[1].exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\NF4PO3HI\Installer[1].exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\S290WMW9\Installer[1].exe (Trojan.Backdoor.MRX) -> No action taken. C:\Documents and Settings\test\Local Settings\Temporary Internet Files\Content.IE5\UVXB4TI2\Installer[1].exe (Trojan.Backdoor.MRX) -> No action taken. 
C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\uninstall.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Program Files\CheckPoint\ZAForceField\Uninstall.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Program Files\SystemRequirementsLab\Uninstall.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Program Files\Common Files\BioWare\Uninstall Dragon Age Toolset.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Program Files\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199111.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199118.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199123.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199126.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199128.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199169.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199170.exe (Trojan.Backdoor.MRX) -> No action taken. C:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP620\A0199166.exe (Trojan.Backdoor.MRX) -> No action taken. C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\Setup.exe (Trojan.Backdoor.MRX) -> No action taken. 
C:\Users\hedev\AppData\Local\Temp\InstallSWTOR\data\Star Wars - The Old Republic Uninstaller.exe (Trojan.Backdoor.MRX) -> No action taken. E:\installedgames\LucasArts\Star Wars Knights of the Old Republic\uninst.exe (Trojan.Backdoor.MRX) -> No action taken. E:\installedgames\LucasArts\SWKotOR2\uninst.exe (Trojan.Backdoor.MRX) -> No action taken. E:\installedgames\Star Wars-The Old Republic\FixLauncher.exe (Trojan.Backdoor.MRX) -> No action taken. I:\System Volume Information\_restore{63E8BA12-B0D4-4DC6-9F57-46F14FDCA1A6}\RP614\A0198730.exe (Trojan.Backdoor.MRX) -> No action taken. (end) -------------- should i just ignore, update and re-scan?
  24. You mind if I leave this topic open till my older, slower PC finishes at 12:30?