Jump to content

Fourtop

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by Fourtop

  1. Hi there ! In our network we had a breakout of a trojan, this malware downloaded some keyloggers and fake virus programs, we were not amused We cleaned this up with a combination of MBAM and Miscrosoft Security Essentials. All strange warnings are gone again. However MBAM keeps reporting a infection on multiple computers, located in c:\documents and settings\all users\local settings\palladium.exe MBAM tries to delete te file during the next reboot, but fails. These Are WinXP Pro clients and one Win2003 Terminal Server. I tried the following to delete te file: -Enabled hidden en system files, i cant find the folder "c:\documents and settings\all users\local settings" -Tried to find the folder in safe mode, i cant find the folder "ac:\documents and settings\all users\local settings -Started the computer with a Linux Live CD, mounted the local harddisk, still no folder "c:\documents and settings\all users\local settings" -Created a folder named "local settings" in "c:\documents and settings\all users", worked fine no errors that it already existed. So im thinking that this folder doesnt exist, But why is MBAM reporting this file ? I scanned the pc's with AVG and Secury Essentials and they both say everythings is clean. Is it possible that MBAM is wrong about the file location ?, or is this folder so secret i cant even open in if i boot in a different OS :S
  2. Tested by customer and all iss working fine Thanks for the support
  3. Thank you for the update, Our xustomer will be happy. The 2nd time you helped us out greatly. Frank Smidt Fourtop
  4. Hi, Is there any progress? If not we need to deinstall the Antimalware from our customer so the can work in their CRM software. And we lose money as we cannot deliver our service
  5. Hi, After investigating we see some clients who make use of Malwarebytes pro distributed by Kaseya. In the Kaseya portal we see a message Blocked URL (193.200.164.51) type outgoing This Ip adres is used for CRM software (website www.relact.nl) Is it possible to delete this ip adres from the list? Thanks in advance
  6. confirmed the dll is not found positive anymore after new update. Thanks for the very quick response.
  7. Thanks Shadowwar for the quick reply. This will help us solve a problem on several computers. Frank
  8. forgot to say that if we remove Malwarebytes the software is working properly again. Installation again wil result in a quarantaine of this perticular DLL. Thank you for your efforts. Frank Smidt Fourtop.
  9. Hi, We make use of the Kaseya Malwarebytes. And we have an application witch give a false positive. therefore the Rabobank Telebankieren software is not communicating. The error message stated it is all about this DLL (C:\windows\system32\encdec32.dll) encdec32.zip
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.