demonluo

Members
  • Posts

    12

Everything posted by demonluo

  1. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4176
     Windows 6.0.6002 Service Pack 2
     Internet Explorer 8.0.6001.18904

     08/06/2010 03:07:49 AM
     mbam-log-2010-06-08 (03-07-49).txt

     Scan type: Quick scan
     Objects scanned: 130008
     Time elapsed: 5 minute(s), 10 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpnwmon (Rogue.FakeMSE) -> No action taken. [106660DC692B083A5FD9BEDCA290F58C]

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Windows\System32\drivers\MpNWMon.sys (Rogue.FakeMSE) -> No action taken. [106660DC692B083A5FD9BEDCA290F58C]

     ---------------------------------------------------------------------------------------------------------------------

     is this F/P coz my NIS, MSE & SAS said its clean & i also sent to VT to analysis w 41 dif AV & all of them said clean
     http://www.virustotal.com/analisis/8b7d641...f164-1275938790

     i've also included the registry & file that MBAM said infected in the attachment called desktop.7z
     Desktop.7z
  2. MBAM say its a malware trace (reference #18792)... C:\Windows\System32\Chip.dll i ask this becoz the result from virustotal is only 1/42 (2.39%) & the only AV that give positive is esafe which only refer it as a suspicious file... http://www.virustotal.com/analisis/8ad9e47...547f-1267296582
  3. if u've normal computer skill, u wouldn't need to reinstall so many times, unless something wrong w ur pc, anyway, everything work now...
  4. something happen to me, database version update from 3499 to 3499, 3x in a row, hope it'll be fix ASAP...
  5. i think u can download the sample is here for analysis... hxxp://www.tudou.com/my/soft/360.php
  6. i got this too, is this a false positive?

     Malwarebytes' Anti-Malware 1.34
     Database version: 1832
     Windows 6.0.6001 Service Pack 1

     11/03/2009 06:43:55 AM
     mbam-log-2009-03-11 (06-43-38).txt

     Scan type: Quick Scan
     Objects scanned: 62434
     Time elapsed: 3 minute(s), 47 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  7. B) oh, thanks, it clear all my confusion...
  8. B) i'd like to make sure nothing goes wrong b4 i delete them from the quarantine, my NIS09 & SAS didn't detect anything via quick/full scan but MBAM did(note: i think my NIS08(come w my pc) doesn't uninstall properly(leaving traces) while i install NIS09 3 months ago but r u sure its a Trojan.Vundo infection or just false positive? as for other i've no idea, r they really Trojan.Vundo coz i don't see any strange pop-up/redirect/slow down?

     Malwarebytes' Anti-Malware 1.34
     Database version: 1820
     Windows 6.0.6001 Service Pack 1

     06/03/2009 03:43:08 AM
     mbam-log-2009-03-06 (03-40-47).txt

     Scan type: Quick Scan
     Objects scanned: 62717
     Time elapsed: 3 minute(s), 43 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Windows\Temp\0000056A (Trojan.Vundo) -> No action taken.

     ---------------------------------------------------------------------------------------------------------

     Malwarebytes' Anti-Malware 1.34
     Database version: 1820
     Windows 6.0.6001 Service Pack 1

     06/03/2009 06:30:05 AM
     mbam-log-2009-03-06 (06-29-53).txt

     Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
     Objects scanned: 231063
     Time elapsed: 2 hour(s), 18 minute(s), 34 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Users\Sony\AppData\Local\VirtualStore\Windows\SoftwareDistribution\Download\0645eba5d21e51ebb0ef19201feecd667562bce0 (Trojan.Vundo) -> No action taken.
     C:\Users\Sony\AppData\Local\VirtualStore\Windows\Temp\0000056A (Trojan.Vundo) -> No action taken.
     C:\Windows\SoftwareDistribution\Download\0645eba5d21e51ebb0ef19201feecd667562bce0 (Trojan.Vundo) -> No action taken.
     C:\Program Files\Norton Internet Security 2008 Installer\Support\VCRedist\redist32.exe (Trojan.Vundo) -> No action taken.
     C:\Program Files\Norton Internet Security 2008 Installer\Support\VCRedist\redist64.exe (Trojan.Vundo) -> No action taken.
  9. have u went to regedit to delete the left over after u uninstall MBAM(becoz windows add/remove program can't be trusted, its outdated like NES)... u can try revo uninstaller, it can't scan the leftover registry after u uninstall any program but there's a malware in ur pc so still u've to... regedit>edit>find>type in malwarebytes & then click find next & delete only the highlighted registry item & then click find next again & again & again until u take out all the malwarebytes registry, then u can try to install MBAM, hope it work...