JohnnySokko

Honorary Members
  • Posts

    33
Everything posted by JohnnySokko

  1. gonzo, Thanks. I looked at the scan log again (relevant part pasted below), and assuming the MD5 hash that you referred to is this 32-digit number 42d1b4986f1bdf573c6e991208fbd828, then yes, I see that three of the four files all share the same MD5 hash. However, even though the MD5 may be the same, the file names are different. The first is mf.dll, the second is 8afc49b02429a, and the third is ugcqysiaeo.tmp. So are these, then, all different or not? Having said that, I just noticed that this number 9A88E103-A20A-4EA5-8636-C73B709A5BF8 (whatever this number is called) is the same for all four of them, so now I'm confused. Sorry.

     Folders: 1
     Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Delete-on-Reboot, [42d1b4986f1bdf573c6e991208fbd828],

     Files: 3
     Trojan.FakeMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mf.dll, Delete-on-Reboot, [4ec5fa52b4d6b97d32ec83aeb64c11ef],
     Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, Delete-on-Reboot, [42d1b4986f1bdf573c6e991208fbd828],
     Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ugcqysiaeo.tmp, Delete-on-Reboot, [42d1b4986f1bdf573c6e991208fbd828],

     Most important, I'm still wondering why the scan results are not consistent with the quarantine list. That is, why are four threats listed as being detected in the scan log but only two of them appear listed in quarantine? What happened to the other two? If you could explain it a little better, I would really appreciate it. So are they actually in quarantine now — or were they deleted and removed from the system when the computer was rebooted?
  2. Ugh, most of my images were cut off. I'm going to try uploading the one showing delete on reboot again. Hope it works this time.
  3. Hello. I visited a website the other day and knew right away that I picked up an infection. I scanned with Malwarebytes, and after the scan was finished, it reported that 4 infected items were found. (See attached screenshot. A text file of the scan log is also attached.) I selected the option to quarantine the threats, then I rebooted my computer. All is now well. Today, however, out of curiosity I looked at the quarantine and noticed that only 2 of the 4 items are shown there. (See attached screenshot.) My question is . . . Why doesn't the number of threats that were found (i.e., four) match the number of items shown in quarantine (i.e., two)? Where are the other two items? And a separate-but-related question . . . Although quarantine was chosen as the action that I wanted applied to the threats, I noticed the scan log lists the action taken as delete on reboot. (See attached screenshot.) My understanding regarding quarantine is that when a file is quarantined, the file is not actually deleted. Instead, the file is just isolated from the rest of the system so that it can no longer pose any danger. If that's the case, why does the scan list delete on reboot as the applied action even though I chose to quarantine them? I don't follow. Sorry. MBAM scan log showing the four threats that were found.txt
  4. Thanks for the confirmation. I appreciate it. Also, great job in being one of the first vendors to detect it. If possible, I would like to ask a follow-up question . . . After reading your confirmation, I decided to go ahead and run another MBAM scan so I could quarantine the file this time around. Before doing so, however, I decided to run a scan with HitmanPro. Yesterday, HitmanPro was not detecting the file, so my curiosity got the best of me. I just couldn't resist seeing whether or not it would do so today. It did, or at least the Kaspersky-half of it did (Bitdefender still is not detecting it). Anyway, after it made the detection, a report of the file was made available, providing many additional details. That's what I would like to ask about. Specifically, the report indicates that several other files are associated with the infection, in what HitmanPro refers to as a "forensic cluster." A copy of the full report is attached, but in brief, the report lists the primary detection (i.e., 9EA5.tmp) along with the associated files as follows:

     C:\Users\DannyLion\AppData\Local\Temp\Low\9EA5.tmp
     C:\Users\DannyLion\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NH2HU5K.txt
     C:\Users\DannyLion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARJKQDTC\favicon[5].ico
     C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf

     What I would like to know is this: If I use MBAM to clean this infection, will MBAM also remove these additional files that are associated with the infection as well? Thank you. HitmanPro - detection of 9EA5.tmp.log
  5. MBAM is detecting a file on my computer as malicious, classifying it as a Trojan.Agent.VT. The name of the file is 9EA5.tmp and the file path is: C:\Users\DannyLion\AppData\Local\Temp\Low\9EA5.tmp I uploaded it to VirusTotal a couple of hours ago. The detection ratio was 13/57. (See here: http://bit.ly/1DUQnUd.) With MBAM's positive detection being the exception, most of the vendors that I trust are currently detecting it as safe, so I am hoping that someone can look at the file and verify whether or not it is indeed malicious. Thanks! MBAM scan log - file 9EA5.tmp being detected as Trojan.Agent.VT.txt 9EA5.zip
  6. Hello. Under Settings, there is a Detection and Protection sub-tab. Clicking it displays several different options that can be turned off or on, one of them being an option to scan for rootkits. I have the option to scan for rootkits turned on (see attached screenshot). However, every time that I go to perform a scan (specifically, custom scans—where options can be chosen), if I wish for MBAM to scan for rootkits, I still have to place a check mark in the Scan for Rootkits box located under Custom Scanning Options (see attached screenshot), even though the option to scan for rootkits is already enabled in the Detection settings. I'm not sure if this is an oversight in the workings of the program or if it's a matter of me not understanding something, but what I would like to know is this: What is the point of having the option enabled in the Detection settings—if it still needs to be enabled again in a different place every time that a scan is performed? Am I missing something? Thanks!
  7. Thanks, David. I appreciate the reassurance. I trust what you and shadowwar have said on the matter. That aside, ugh, I hate to ask another question, but I would really like to know something. Is there any way for me to track down and find out where these came from? I'm using a new computer and would love to know where I might have screwed up by going to or doing something that caused this. If there is something, perhaps some sort of tutorial, that would help with what I would like to find out, that you are aware of, please point me in its direction. Thanks!
  8. Thanks for the reply. Are you saying you can tell that it's a positive detection simply by looking at its location? Doesn't it actually need to be analyzed or something to know for sure one way or the other? Thanks for pointing that out. That's new. A couple of days ago, there were only about six positive detections.
  9. Hello. A couple of days ago, Malwarebytes detected jnh.dll and pqaob.dll on my computer, describing them both as Trojan.Agent.ED. I scanned both files at VirusTotal, and Malwarebytes was in the minority of vendors classifying the files as malicious. If I recall correctly, I believe only 6/56 vendors detected them as malicious, one of them being Malwarebytes. My antivirus was not one of them. Because of the small number of positive detections at VirusTotal, non-recognition by my antivirus, and because I have not noticed any strange behavior on my computer, I believe these may be false positives. The scan log from Malwarebytes showing detection of the two files is attached, as well as the files themselves. Please let me know what the determination is. Thank you. Malwarebytes scan log - possible false positives.txt jnh.zip pqaob.zip
  10. daledoc1, Thanks for your reply. I'm going out in a few minutes, but when I return, I'll go ahead and try your advice. In the meantime, if you could answer these three questions, I would really appreciate it. 1.) I have a pro version of a clean uninstaller that monitors programs as they are installed. Supposedly, being that it actively monitors the entire installation process, if a program should ever need to be uninstalled, this uninstaller is supposed to be capable of removing virtually every trace of it. Can I use this? My thought is that it would be just as good (or possibly even better) than the MBAM removal tool? What do you think? 2.) You said, "Please let us know how it goes." Sure, but the problem with that is, prior to attempting to upgrade my current version of Malwarebytes to the newest version, my current version has been working perfectly fine all along. Not a single glitch—until a new version was released and the update process revealed one. So, what I'm getting at is, after I do an uninstall/reinstall, how will I actually know whether or not everything is actually fine? It will probably be several months (or longer) before a new version is released again, so after I do the whole uninstall/reinstall thing, the new version may appear to be working perfectly fine as well—until another upgrade is released, revealing the same glitch. Right? Is there any way to run any sort of diagnostics on the installed version? 3.) In my initial post, I asked if any sort of error logs are stored by Malwarebytes, but you never addressed that, so I have no idea whether it stores any or not, but if it does, before I go ahead and uninstall it, are there any such error logs that I should pull from the program and save for you? Thanks.
  11. Hello. I have the free version of Malwarebytes installed. The version number is 2.0.3.1025 About a week or so ago, I opened the program to do a routine periodic scan and received a message that a new version was available, and I was then asked if I wanted to upgrade to the new version now or later. I went ahead and clicked the button to upgrade now, but as soon as I did, the program simply closed. I have tried several times since then to perform the update but without any success. Every time that I try, the same thing happens, i.e., Malwarebytes just closes up and goes away. No error messages or anything. I thought about just doing a clean uninstall/reinstall, but before doing so, I thought I should report the issue first. Also, I have a few questions that I would like to ask: 1.) Is this a known issue? If yes, what's the cause, and is there a simple fix? 2.) I know that MBAM stores logs of any scans performed, but what about error logs? That is, does MBAM maintain any sort of error logs which might possibly show the reason for the issue that I'm experiencing? 3.) Should I just go ahead and proceed with doing a clean uninstall/reinstall, hoping that everything will be fine after that? Or instead, is something else recommended? If yes, what? Thanks!
  12. Hello. Mods/administrators: I wasn't sure exactly where to post this, so please feel free to move this to a more appropriate forum if necessary. My issue: I'm having trouble updating my free version of Malwarebytes (an issue that I will soon be creating a separate post for, as I figured it's probably best not to combine two different issues in one post). After I tried unsuccessfully to troubleshoot the problem myself, I decided to come here for help, so I typed "Malwarebytes Forum" into Google, which then brought up your website. However, as soon as I clicked the link for your site, my web browser warned me that a problem exists with your site's security certificate and advised me not to proceed. (A screenshot is attached showing the error message that I received.) Suspecting that the warning was simply a false positive of some sort, I proceeded anyway — so here I am. However, now that I'm actually here, I see that the address bar on Internet Explorer is also showing a certificate error associated with your site. (A screenshot of this is attached as well.) I spend a lot of time on the Internet, visiting scores of different sites, and I rarely come across this type of warning, so I know that my browser does not have a habit of throwing up warnings like this regularly. I'm very surprised to see such an issue with your website. What's going on? Thank you. MBAM website warning.bmp Malwarebytes Certificate Error.bmp
  13. Hello, I thought I would bring this matter to the attention of the forum: I recently downloaded and installed Comodo System Utilities, and as soon as I used it, I noticed that the program lists the malware status of Malwarebytes services as unknown, which makes it look as though there is something wrong with Malwarebytes. I have no concerns about Malwarebytes, so there is no need to reassure me that the program is okay. I'm only writing so that the appropriate people can be made aware of the issue and get it straightened out with Comodo. I have already made a post on the Comodo forum about this issue, and this is what I wrote: Hello, I just downloaded the Comodo System Utilities program, and after playing around with it for a few moments, I am now completely turned off by Comodo and will never use any Comodo products ever again. When I run the Autorun Manager module of the program, under Services, it says that the malware status of Malwarebytes and SUPERAntiSpyware is unknown! It's so obvious what Comodo is attempting to do. Come on! Out of the dozens of services that I have running, the only two that the program is calling into question are the services of two of Comodo's competitors?! That's one of the cheapest tactics that I've ever seen. Comodo knows full well that there's nothing wrong with either of those two programs, so Comodo System Utilities should be showing them in green (clean), not as unknowns. It's nothing but an attempt by Comodo to make people doubt the products of their competitors, and it's pathetic. A Comodo forum moderator then replied with the following: This has nothing to do with the fact that they are competitors. All it means is that Malwarebytes and SuperAntiSpyware have updated since the last time they were whitelisted by hash. I'm sure they are trusted through the trusted files list in Comodo Internet Security. Thus, if you ran Comodo Internet Security they would be trusted anyway.
If you would like them to be trusted by hash, which is what CSU does, you should submit them in this topic. Thank you. And I responded to his reply with this: Thanks for dropping in and addressing this issue. It's always nice to see a concern addressed by a moderator. That being said, I do have some issues with your response, though. "This has nothing to do with the fact that they are competitors. All it means is that Malwarebytes and SUPERAntiSpyware have updated since the last time they were whitelisted by hash." I have no idea how Comodo goes about creating their whitelists, and I have no idea what you meant by saying, "by hash," but regardless, Malwarebytes and SUPERAntiSpyware are two extremely popular programs, especially Malwarebytes. Malwarebytes has millions of users, and it's unfathomable to me that the developers in charge of Comodo System Utilities would not be able to keep the whitelist current for such an extremely popular program. I have scores of services running on my computer, many of them very obscure, yet Comodo System Utilities is able to list them all as being clean, but strangely, it plays completely dumb when it comes to a very well respected program that's used by millions (i.e., Malwarebytes). If the developers have the data to list all of my obscure services as clean, then they certainly should have the data for one of the most popular programs around. So, no disrespect to you personally, but your explanation offered in defense of Comodo simply doesn't make any sense to me. It's a very weak excuse. And furthermore, it gets worse: In my earlier post I reported that when I run the Autorun Manager module of the program, under Services, it says that the malware status of Malwarebytes and SUPERAntiSpyware is unknown, but I just played around with the program some more, and this time, I discovered that when I run the Autorun Manager, under Startup, it's actually showing SUPERAntiSpyware as being infected! This is totally unacceptable. 
I don't know if there's any truth to the suspicions that I have about Comodo doing this on purpose to make people have doubts about some of their competitor's products, but if that isn't true, then the only other explanation is that the developers are asleep at the wheel. Either way, the situation isn't good, and it makes Comodo look very bad. "If you would like them to be trusted by hash, which is what CSU does, you should submit them in this topic." Hmm, I'm not really sure why that would be my job to do so. The Comodo developers get paid to make sure the programs work right, do they not? They should already be on this, not me.
  14. Mainard and noknojon, Thank you for your help. I am still wondering about some of the things that I asked about in my very last post, some of which weren't completely answered. For one . . . In response to my question of "And, in general, does it matter what order the programs are installed? For example: I read somewhere that a user would be better off, in terms of trying to prevent any issues, with installing Malwarebytes Pro (or any secondary security measure) after the anti-virus is installed — as opposed to trying to install the anti-virus when something else is already on the system. Is there any truth to that, at all?" noknojon replied with "It is advised to Disable (not remove) your Antivirus program while installing Malwarebytes Anti-Malware just for a clean, full install. You would not at any time Remove your Antivirus program, just Temporary Disable it for about 5 minutes." However, that doesn't actually answer my question. First of all, this pertains to a new computer, so nothing, in terms of security software, is currently installed on it; therefore, much of that advice doesn't apply. And second, my actual question was completely bypassed. I'm trying to specifically ask if it will be better to install Malwarebytes Pro after my choice of anti-virus is installed, or doesn't it really matter? As I said earlier, I have read in several places that, in general, it's better to install any secondary anti-malware applications (such as Malwarebytes Pro) after the anti-virus program is installed. Apparently, doing it this way is supposed to result in less chances of any potential conflicts occurring between the two products — as opposed to trying to install the anti-virus on a system where a secondary program (such as Malwarebytes Pro) is already installed — and I'm wondering if there's any actual truth to that. So is there? Or doesn't it really matter in what order that they're installed?
PS: I would love to be able to edit my posts, but that feature appears to be disabled. Is there any way to get that privilege enabled?
  15. I'd like to ask something that I've always wondered about . . . If I have two security programs installed (for example, an anti-virus program and Malwarebytes Pro [with its real-time protection enabled]) and if I, say, visit an infected website, what happens if both programs simultaneously detect the same infection? What happens in that case? Will both programs "fight" for it? And if so, how is it decided which program will be the one to actually quarantine it? LOL . . . I'm picturing two NFL teams fighting for a fumbled ball under a pile of players.
  16. Thanks again. I just have two more questions, and then I should be all set. 1.) Is it possible that a conflict or compatibility issue between two security programs could be "silent"? What I mean by that is — instead of having system slowdowns, etc., like you described — could everything appear to be perfectly all right while, unknown to the user, the two programs are actually interfering with each other in some way (but without any outwardly apparent symptoms), causing them to be handicapped in some manner and not functioning as designed? Could that happen — or will compatibility issues always be obvious? 2.) And, in general, does it matter what order the programs are installed? For example: I read somewhere that a user would be better off, in terms of trying to prevent any issues, with installing Malwarebytes Pro (or any secondary security measure) after the anti-virus is installed — as opposed to trying to install the anti-virus when something else is already on the system. Is there any truth to that, at all?
  17. Thanks, Mainard. So you've never heard of any conflicts between the two? No issues have ever come to your attention? That's great news, if that's correct. Please tell me, though, if I were to have any conflicts myself, how would I even know? Would it be something obvious? And if yes, what should I be on the look out for? And if I may, I'd like to pin you down on something: If I did experience any conflicts between the two programs (i.e., Dr. Web Anti-virus and Malwarebytes Pro), which company would I seek resolution with? Would it be the responsibility of Malwarebytes to remedy the issue, or would I be told that I need to contact Dr. Web? I'm asking because I simply want to be prudent. (I would hate to end up in a situation where both companies are telling me that it's the other company's problem to fix.)
  18. Thanks, noknojon. Yeah, Dr.Web CureIt! is nothing more than a really awesome on-demand scanner. It has no real-time protection, so I can't imagine that there would be any problems between it and anything, really. That's why I'm specifically asking about using Malwarebytes Pro alongside one of Dr. Web's full-fledged anti-virus programs. That would be great, though, if an administrator or a company tester could address this.
  19. Hello, My question pertains to the Pro version of Malwarebytes, the one with real-time protection. I realize that the developers of Malwarebytes make every effort to ensure that their software is fully compatible with anti-virus software, but even so, I am aware that there are still occasional conflicts and problems that arise between Malwarebytes and some anti-virus programs. I know this because I see people posting about the issues on the forums of some of the anti-virus companies. (And I'm assuming that Malwarebytes is probably more compatible with certain anti-virus programs than it is with others. And, of course, please correct me if that assumption is wrong.) That being said, what I mainly would like to know about is Malwarebytes Pro's compatibility with Dr. Web Anti-virus. I am buying a new computer this weekend, and on it, I would like to use Malwarebytes Pro alongside Dr. Web for the extra layer of protection, but I am concerned about potential conflicts between the two, and I have a few questions: 1.) Does Malwarebytes actually perform testing to make sure that it is compatible with anti-virus programs? And if yes, has any sort of compatibility test ever been done with Dr. Web? I'm concerned about this because, even if Malwarebytes does perform such testing, I'm worried that no such testing has ever been done with Dr. Web since they are not a major player in the anti-virus market, and I would assume that even if Malwarebytes does perform such compatibility testing, the priority would probably be on testing it against the major anti-virus products, not the smaller ones. (In other words, I'm sure that testing is expensive, so even if it is done, I doubt that it's done against every single anti-virus product on the market.) 2.) If there would happen to be any conflicts or compatibility issues between the two, how would I even know? Would it be something obvious? And if yes, what symptoms should I be on the look out for? 3.)
And last: Does anyone reading this have any actual experience with using Malwarebytes Pro alongside Dr. Web? If yes, please share your experiences. Thank you.
  20. Hello, I'm not sure if this is the right forum or not. This issue stems from malware, but the infection is no longer present — as I reformatted my computer. This is more of a general computer-related question. Here's what I need help with. . . . Last month a rogue security site slipped past my anti-virus protection. Upon what I thought was removal of the infection by MBAM, I rebooted my computer. Upon start up, I discovered that my mouse cursor was no longer working. The arrow keys on my keyboard were also not working. I was not able to do anything on my screen because of that. I couldn't even attempt to do a system restore (or anything) because I had no ability to navigate in order to select choices or to click on anything. I was completely handicapped, so I felt I had no other choice but to reformat. Last night, the same exact thing happened again. I picked up the same infection again from a threat called XP Antispyware 2012. This is the same infection that I had last month, and the same thing happened again after I cleaned it up and tried restarting my computer. No more use of my mouse or my cursor, nor of my arrow keys. Completely handicapped — again! So I was forced to reformat — again! What I want to know is if this should ever happen again, is there some way to get the use of my mouse, cursor, or arrow keys back — so that I can use my computer to attempt to finish fixing it?
  21. Hello, I'm not sure if this is the right forum or not. This issue stems from malware, but the infection is no longer present — as I reformatted my computer. If I should post this somewhere else, such as on the PC Help forum, please let me know. Here's what I need help with. . . . I'm a writer and involved in research. I am also a blogger. Due to my job, which requires constant use of the computer, and due to my hobby of blogging, which also requires heavy use of the computer, I am online at least twelve hours a day. I flip back and forth between scores of unique and different sites each day, and at night, I stream movies, listen to music, and sometimes go to high-risk sites. Because of my internet behavior and the sheer amount of time I spend online, I am constantly getting infected. I get at least one really nasty infection per month. I've gotten very good at removing malware and cleaning up my computer without needing any assistance from anyone. However, something happened last month that totally stumped me and forced me to do a reformat to get my use of the computer back. Last month a rogue security site slipped past my anti-virus protection. Upon what I thought was removal of the infection by MBAM, I rebooted my computer. Upon start up, I discovered that my cursor was no longer working. The arrow keys on my keyboard were also not working. I was not able to do anything on my screen because of that. I couldn't even attempt to do a system restore (or anything) because I had no ability to navigate to select choices or to click on anything. I was completely handicapped, so I felt I had no other choice but to reformat. Last night, the same exact thing happened again. I picked up the same infection again from a threat called XP Antispyware 2012. This is the same infection that I had last month, and the same thing happened again after I cleaned it up and tried restarting my computer. No more use of my mouse or my cursor, nor of my arrow keys.
Completely handicapped — again! So I was forced to reformat — again! What I want to know is if this should ever happen again, is there a way to get the use of my mouse, cursor, or arrow keys back — so that I can use my computer to attempt to finish fixing it?
  22. Thanks. I will run the removal tool (as instructed) and reinstall MBAM. If you don't mind, I would like to ask just two more questions (for future and general reference). 1.) If someone needed to completely remove MBAM (as in the case of a corrupt install to ensure a clean re-install), and they removed it by doing a standard uninstall using Add/Remove Programs, could they still run the removal tool (mbam-clean.exe) afterwards to clean up any remaining remnants of the program? Or is it too late (at that point) to run the tool? 2.) Would using a program like Revo Uninstaller (set to advanced — for the most thorough uninstall) be basically the same thing as using the MBAM removal tool, and can it be used instead? Or does the MBAM removal tool still do more than even what a program like Revo would do?
  23. daledoc1, Thanks for your reply, and thanks for explaining about the way to reply. Two quick questions. . . . The MBAM cleanup tool (mbam-clean.exe), I assume that is only needed/used when one needs to uninstall a corrupt or incomplete installation to make sure nothing at all remains of it that might possibly interfere with the reinstallation. Is this correct? And it would not be used to uninstall the program if one simply wanted to remove it for some reason that had nothing to do with it being corrupted. In that case, using Add/Remove Programs would be sufficient. Is this also correct? If either statement is incorrect, please let me know where I'm mistaken.