confunked

Actually, here is a condensed copy of my log: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.01.07 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 ... 11/1/2012 6:53:17 PM mbam-log-2012-11-01 (21-39-17).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 414355 Time elapsed: 1 hour(s), 5 minute(s), 51 second(s) ... Files Detected: 2 C:\WINDOWS\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> No action taken. C:\WINDOWS\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.0.6000.16386_none_c854dde24615e549\_isdel.exe (Trojan.Zbot) -> No action taken. (end) I quarantined the files after saving this log. Anyway, as you can see, I am actually running Windows Vista Home Premium, SP2 x64... Will the replacement _isdel.exe file you provided also work for my version of Windows? Thanks (and sorry I wasn't more precise in my earlier description of my problem.)

Hi, I tried to restore these files that my mbam also detected (same files as CCy3686) so I could send them to you guys for inspection. Only the file in my System32 removed itself from mbam's quarantine list when I tried to restore it. However, it does not show up in my C:\WINDOWS\System32 directory. In fact, the entire InstallShield dir is missing from the System32 directory. I thought this was because it was hidden, but when I adjusted my Folders View in the Control Panel to show hidden files and folders, the InstallShield dir still did not show up. Now, I am in a situation where I have tried to restore the file, C:\WINDOWS\System32\InstallShield\_isdel.exe, but it does not show up in explorer, nor does the InstallShield dir itself even show up. This file also is no longer listed in my quarantine list in mbam. What should I do now? I could run another full scan with mbam to see if the file somehow gets detected again, but unfortunately, I do not have the same database anymore. Before getting to this forum, I updated my signatures database this morning. The signatures database I used when these files were detected as "Trojan.Zbot" is Database version: v2012.11.01.07. The signature database I have now is Database version: v2012.11.02.08. I don't know if this file is actually a trojan or not, and now it seems that I can neither send you a copy of it for inspection, nor can I find it on my hard drive after the failed restore. Again, given my situation, please advise me on what I should do next. I will refrain from doing anything more until I here your advice. Thanks in advance.

There weren't that many temp files that could have been causing the difference, not an hour's worth of scanning anyway. And I always run the MBAM scan by itself and leave the computer. I don't run it in the background while I'm doing other stuff for example. If you guys say the elapsed time for the scan of the number of objects scanned seems reasonable, I'll just chalk the difference up to something weird that I just don't understand for now. Thanks again for your help.

Well, I'm still having the same issue of a drastically reduced scan time on a Full Scan of my computer. I've attached a log file of a scan with the newest version of MBAM that takes about 1/2 as long as a full scan was taking for about a year straight. Again, is this reduced scan time a cause for concern in and of itself? Thanks for any help in answering my question. mbam-log-2011-08-04 (03-38-13).txt

Duh... I checked the updater settings, and I didn't have the box checked to download and install new program updates. I don't remember resetting this, but that's why I didn't get the last few versions. I've got the latest version now, and I may go back and do the clean install as you have provided links for. In any case, just wanted to let you guys know that my not having the latest version was due to a config problem on my end. (Like you didn't know that already... :-)

Thanks for the info. It's odd that I don't have the latest version of MBAM. In the past, whenever I ran an update, MBAM would notify me if a new version of the program was available, and I would always download and install it. For some reason, I haven't gotten a program update notification for the latest version(s) of MBAM through the updater. In any case, I'll follow your instructions for a clean install of the new version and go from there. Thanks again for all your help.

Thanks for the quick reply. The scans attached below were performed with the same version of Malwarebytes with the same hardware configuration, etc. These attached logs show the speed up in scan time I'm talking about. (Scans prior to 7/29/2011 took roughly the same time, but I can attach some of them, too if you want/need me to.) Roughly the same amount of objects seem to have been scanned during both scans. I was just suspicious about the drastic speed up from the 7/29/2011 scan to the 8/2/2011 scan. (The next scan I performed after 7/29/2011 was today on 8/2/2011, so this was when I noticed it.) mbam-log-2011-07-29 (18-06-45).txt mbam-log-2011-08-02 (17-49-53).txt

Hi guys, I have been using Malwarebytes for awhile now. I usually perform a Full Scan daily, and each of these scans has taken roughly 1.75 hours or so to complete for the last year or so. Today, I performed a full scan on my computer as I usually do, and it took only 49 minutes to complete. I repeated this, and the second Full Scan took only 36 minutes to complete. How can these scans complete so quickly? I have not changed any settings, and again, I have been performing Full Scans for a long time, doing this daily, and the scans always take about 1.75 hours to complete. None of the scans reports any infections, but could this reduced scan time itself be a sign that my computer is infected? Thanks in advance for any help with this question.