Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by corabeth

  1. Just did the update and got a clean scan. My blood pressure is returning to normal. Thanks for the quick response!
  2. For the past few weeks, this is the only way the computer would start. I'll contact help desk, thanks.
  3. I thought I had part of the problem resolved. I hit restore all in the quarantine log And tried to find the System Configurator and it opened right away. Hooray. I shut the laptop off last night to see if this resolved the startup problem. turned it on this morning and it did not and the system repair brought me back to two days ago. Now I can't find msconfig.exe again (probably because it brought me back to before I restored the files from the quarantine log) Except now those files are not in the MWB quarantine log anymore either! (I tried the show hidden files and that didn't help either.) I think I'm in worse shape than before
  4. Sorry, I didn't mean remove it, I was using the words AdvancedSetup used. I checked and the choices are delete or restore. So, I can try to restore since the log shows that the trojans were quarantined and deleted. Believe me, after two new Vista installs in the last 2 months, I am in no mood to do another! I'll check the HJT forum as well.
  5. If I remove it, will I get back the msconfig.exe capabilities? Thanks for your quick replies today!
  6. This is the log from Feb 3rd which is when it found the problem. If this is not what you need, please advise how to retrieve it. Thanks! Malwarebytes' Anti-Malware 1.44 Database version: 3687 Windows 6.0.6000 Internet Explorer 7.0.6000.16945 2/3/2010 11:25:55 PM mbam-log-2010-02-03 (23-25-55).txt Scan type: Quick Scan Objects scanned: 101444 Time elapsed: 5 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\System32\msconfig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  7. Hi, MWB advocate here but I'm stuck! A little background information is necessary but I'll try to keep it brief. HP installed a new hard drive in my Pavilion laptop in January. When I got it back, the first thing I did was remove Norton and install MWB and eset Nod32, which I have used in combination for over a year with zero problems. I was having some of the same issues with freezing so when I called HP tech, who tried a few things and then insisted that MWB was causing my problems and instructed me to do a complete restore again (after I had just loaded all my docs, etc.) and keep Norton. I personally think it was a bad Vista install but he insisted he's seen MWB create problems. I did the new Vista install but I am not comfortable with Norton so I installed MWB too but didn't put it on auto protect at first just to see how things worked. I ran a scan and saw that Norton had let in two trojan.agent Those were quarantined and I uninstalled Norton the next day and put eset on. No more freezing, no more malware or trojans. I rarely shut off this laptop but when I do for long periods of time (not a reboot), Windows won't start. Shutting down and restarting again kicks in system repair and it then starts fine. I get a "blocked program on Start-up notice" and see that it blocks MWB on start up in order to get a successful Windows start up. Last night I was looking up something else and noticed my System Configurator is missing. On a hunch, I checked my quarantine logs and found that the two trojan agents in quarantine impacted msconfig. One is the file c:\windows\system32\msconfig.exe and the second is the registry value HKEY_local_machine\software\microsoft\windows\currentversion\run\msconfig If I delete these files will it just delete the trojan.agent or will I wipe out the msconfig too? I'm an intermediate user but not strong enough to try to put files back on that I need and I don't want to totally screw up this computer. I just find it interesting that the system repair disables MWB on start up in order to run Windows. I tried to look back in system restore for a restore point earlier than the Feb 3 Trojan.agent capture but I can't find any restore point earlier than Feb 28. Thanks!
  8. It was the first scan on the first day of a brand new computer. So, I take it the answer is ignore since it is not technically malware.
  9. Apologies, I saw the fix upthread. (I run a message board with similar software but we have an edit button so I can edit out my stupid posts!) So, for entries like this, which I got at the same time Vendor Hijack.startmenu Hkey_current_user\software\Microsoft\Windows\Current Version\Explorer\Advanced\start_showsearch 0 bad, 1 good That really isn't malware and should be ignored?
  10. I had deleted it too (well, not deleted it but I clicked the "fix checked" button but it's not in my quarantine list. I was afraid to leave it because our previous computer had the desktop hijacked. What do I do now?
  11. Sorry, it won't let me edit my first post. I also ran a full Norton scan and it showed zero infections.
  12. I'm the ultimate defintion of a noob. Just set up a new PC with 64 bit today. Ran a scan at the start and zero infections, now the same ones being discussed here are showing up in my last scan of the night. I am new to MWB too, we got this new computer after the old one got totally infested (before I had heard about MWB). Do I ignore both of the infections below? Thanks! Database version: 1640 Windows 6.0.6001 Service Pack 1 1/11/2009 12:24:32 AM mbam-log-2009-01-11 (00-24-26).txt Scan type: Quick Scan Objects scanned: 47467 Time elapsed: 1 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.