Lucie

The post i linked to was from a few days ago

i and another have had the same issue. seems to be a f.p according to the last post if im correct http://forums.malwarebytes.org/index.php?showtopic=90331

thank you i did a developer scan not sure if u need to see it now Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7249 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 23/07/2011 14:55:28 mbam-log-2011-07-23 (14-55-28).txt Scan type: Quick scan Objects scanned: 156668 Time elapsed: 5 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Thanks annie.similar thing to me then. no other scaner av picked anything up and my comp had hardly been on since the previous clean scan.which made me think it might have been a fb

ive done the run developer but when i press ok it comes up as the file cant be found do i want to search for it etc. so then i opened mb manually and im doing the quick scan now. ive just finished doing a full scan with mb and its come back ok. same with sas and kis

Ive done a scan with both kis and sas and everything is clean.doing a full scan with mb now. Should i post a developer scan scan here afterwards? Will that rell u more and what the issue was

Thanks.

Thanks.

sorry i totally stupid when it comes to comps can you explain the above again. interms of many files were previously antivirus programes. and if i dont wish MB to detect it then does it mean what i found is ok

also if this was an infection could u advise as to what the trojan was

below was posted by excile in the gen section The fact that only registry entries were found, and no files were detected. In many cases (though certainly not always) when only registry entries are detected and no files are detected, it can indicate a false positive. Though I may be wrong in this case, following the directions above will determine which is the case because the researchers will investigate what caused the detection, be it a false positive or an actual infection. also my comp has hardly been on since i did my last scan which was clear and kaspersky didnt pick anything up which is the IV i use

thanks. ive posted in the F.P section but im having trouble doing a developer/run can u advise

below is my original log. advised to post in as the poster think its a f.p ive follwed the advice to do a developer log but it says nothing is found. do i do the second scan first and then do the run developer aslo how do u save a file to zip. further down the page is another f.p trojan but i can open the file. is it the same as mine? Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7224 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 21/07/2011 21:54:11 mbam-log-2011-07-21 (21-54-11).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 244460 Time elapsed: 1 hour(s), 46 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\IMSIDE1EGATE.APPLICATION.1 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\(default) (Trojan.Agent) -> Value: (default) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Thanks.what makes u think its a f.p

can someone advise as to what the below is . havnt used my comp alot since the last scan and my kaspersky picked nothing up.hoping is a false positive. Objects scanned: 244460 Time elapsed: 1 hour(s), 46 minute(s), 10 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\IMSIDE1EGATE.APPLICATION.1 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\(default) (Trojan.Agent) -> Value: (default) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

thanks ive turned my system restore off and then back on so they should all be cleared now. just doing another scan (did 2 b4 turning SR off and back on and they were both clean)

ive done another scan now after malwarebytes deleted the system volume info restore for a second time last night and the scan came back all clear.i was advised to turn the system restore off and then back on again to stop the system restoer files from popping back up even when they have been deleted. do i still need to do this as malwarebytes hasnt detected them on a third scan or will they kepp appearing every so often if i dont

is this system volume info restore on my malware report apart of the kies F.P? as there were 12 direct lies issues and 12 of these

can someone advise on the volume information restore at the bottom of the text. is that connected to klies false positive. i did another scan and all the kies issues were gone but the 12 info restore issues came up again. please can someone advise below are my first and second scan logs Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6443 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 25/04/2011 21:41:08 mbam-log-2011-04-25 (21-41-08).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 214330 Time elapsed: 53 minute(s), 34 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 12 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 24 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\KiesHelper (Trojan.Agent) -> Value: KiesHelper -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\KIES.EXE (Trojan.Agent) -> Value: KIES.EXE -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\COMMON\KIES.COMMON.MEDIADB.DLL (Trojan.Agent) -> Value: KIES.COMMON.MEDIADB.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\COMMON\KIES.COMMON.PIMS.DLL (Trojan.Agent) -> Value: KIES.COMMON.PIMS.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\COMMON\KIES.COMMON.UTIL.DLL (Trojan.Agent) -> Value: KIES.COMMON.UTIL.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\COMMON\KIES.TEST.PIMS.DLL (Trojan.Agent) -> Value: KIES.TEST.PIMS.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\PLUGINS\ASTORE\ASTOREPLUGIN.DLL (Trojan.Agent) -> Value: ASTOREPLUGIN.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\PLUGINS\DEVICEHOST\SYNCPROVIDER .DLL (Trojan.Agent) -> Value: SYNCPROVIDER.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\PLUGINS\DISCRIPPING\DISCRIPPING .DLL (Trojan.Agent) -> Value: DISCRIPPING.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\PLUGINS\MUSICSTORE\MUSICSTORE.D LL (Trojan.Agent) -> Value: MUSICSTORE.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\PLUGINS\PHONEBOOK\PHONEBOOK.DLL (Trojan.Agent) -> Value: PHONEBOOK.DLL -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\SharedDLLs\C:\PROGRAM FILES\SAMSUNG\KIES\PLUGINS\PHOTOMANAGER\PHOTOMANAG ER.DLL (Trojan.Agent) -> Value: PHOTOMANAGER.DLL -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\program files\Samsung\Kies\kieshelper.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Kies.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Common\kies.common.mediadb.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Common\kies.common.pims.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Common\kies.common.util.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Common\kies.test.pims.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Plugins\AStore\astoreplugin.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Plugins\devicehost\syncprovider .dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Plugins\discripping\discripping .dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Plugins\musicstore\musicstore.d ll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Plugins\phonebook\phonebook.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\program files\Samsung\Kies\Plugins\photomanager\photomanag er.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140299.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140340.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140342.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140344.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140346.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140614.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140636.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140641.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140649.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140650.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140651.rbf (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1086\A0140785.exe (Trojan.Agent) -> Quarantined and deleted successfully. second log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6443 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 25/04/2011 23:49:17 mbam-log-2011-04-25 (23-49-17).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 212387 Time elapsed: 1 hour(s), 44 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 12 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141221.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141222.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141223.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141224.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141225.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141226.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141227.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141228.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141229.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141230.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141231.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1089\A0141232.dll (Trojan.Agent) -> Quarantined and deleted successfully.

i installed kies yesterday and did a scan today (free version) and got the trojan notice.around 30 of them malware deleted them all and im curently scanning again after uninstalling kies. so far 12 issues have come up (scan nearly done) i presume its the kies again or whats left of it on my comp after uninstalling i use kaspersky and it hasnt picked up anything from kies