deathtospyware

There are probably millions of users today who have no idea what a floppy is.

Wouldn't you know Java 6 19 would come out right as I was doing the last request. It requested the update and I applied it so that was taken care of. Removed the others per your request. Everything seems to be working fine now.

Again my apologies for being so slow in responding. Here are the results you asked for with the exception of the F-Secure scan which only found some tracking cookies. I believe the PC is now clean. SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 14:09 on 06/04/2010 by Owner (Administrator - Elevation successful) ========== filefind ========== Searching for "conime.exe" C:\WINDOWS\$NtServicePackUninstall$\conime.exe -----c 27648 bytes [02:34 18/03/2010] [12:00 04/08/2004] 054DF8F752497C6B74DD7B65CCA61132 C:\WINDOWS\ServicePackFiles\i386\conime.exe ------ 27648 bytes [22:01 26/08/2008] [00:12 14/04/2008] ABC9002269E569538901109441660DD2 C:\WINDOWS\system32\conime.exe --a--- 27648 bytes [12:00 04/08/2004] [00:12 14/04/2008] ABC9002269E569538901109441660DD2 -=End Of File=- Results of screen317's Security Check version 0.99.2 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee SecurityCenter ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 18 Adobe Flash Player 10 Adobe Reader 9.3 ```````````````````````````````` Process Check: objlist.exe by Laurent McAfee VIRUSS~1 mcshield.exe McAfee VIRUSS~1 mcsysmon.exe McAfee VIRUSS~1 mcods.exe mcafee VIRUSS~1 mcvsshld.exe ```````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) ``````````End of Log```````````` Thank you for all your help. A recent scan with MBAM also came up with no problems.

Sorry for the delay but here are the scan results you requested. Unknown entry in Winsock found in HijackThis log, MBAM scan was clean. allscansresult.zip

I was just wondering what the following was: "5779:TCP"= 5779:TCP:rruydmo I have not run across this before and haven't been able to find any info on it. It's in the [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] section of the log file. Thanks.

Had a PC that was infected with both trojans and viruses. Used Mbam to clean and it seemed successful and viruses were removed with AV software. Still a couple of days later the network quit. Ran Mbam and AV again but nothing was found. HijackThis scan also found nothing. Downloaded ComboFix and it found several items some which were cleaned but there are entries in the log file I'm not sure of what they mean as I have never seen these before. Could someone take a look at the ComboFix log and perhaps steer me in the right direction? Thanks. attach.zip

I was reading on PC World about this app that blocks flash sounds and they mentioned it could be flagged as malware but the author of the program said it is because the program uses the same techniques as some adware to work. Anyway I downloaded the setup program and scanned with MBAM and sure enough it was detected as an infected file (Adware.BetterInternet). Since flash ads are a nuisance it would be great to use this as PC World swears it is not dangerous. I could just add it to the ignore list if I choose to install it but was just wondering if anyone at Malwarebyte's has heard of this app and what their thoughts are? Quick edit: There is a 100% clean certified logo from softpedia.com on the developer's download page.

That would get you banned so quick on the Ubuntu forum. On a side note when Mbam can't quite remove files I can use the Ubuntu Live CD-ROM to boot the PC and take an in-depth look at the system32 folder or where ever Mbam reports the file residing.

CCleaner no run on Ubuntu!

Looks like a leftover from a '70s Southern Rock band.

If you'd like something that approaches Photoshop but isn't quite as complicated as GIMP give Paint Shop Pro a test run. It was a really good alternative when it was owned by the founder JASC but Corel who bought them out lacks the support I was used to at JASC. It's still my favorite photo editing software and the only reason I still have Windows on one machine. The price is very reasonable.

I just help a lady who got infected with Windows Enterprise Suite. When she called asking for help I asked her to describe what the laptop was doing and when she told me about the pop-ups and how the PC was really slow I told her it sounded like a trojan. She then told me she paid for the program that came up telling her the laptop was infected. Wow, they raised the ante from $40 to $70+. To make a long story short I had her come by and I installed MBAM on her laptop and removed the nasties. I suggested she contact her credit card company and cancel that charge and card completely. Hopefully she is not out any money, but at least now she has MBAM to keep her safe. Hopefully she keeps MBAM updated and follows my advice to run MBAM regularly. As much as like MBAM and how it cleans the nasties its incidents like this that led to my screen name. I have ideas on what they should do those who write the programs and take advantage of unsuspecting user but they border on extreme punishment.

Having read the thread on IObits and postings elsewhere concerning the theft of Malwarebyte's database I was reminded of something that happened in the 1980's. DEC VAXes were being stolen and rerouted to the Soviet Union because it was illegal to sell them to the Communist bloc nations. When DEC got wind of this they started putting metal plates on VAXes with the words "When you care enough to steal the best" in Russian stamped into the metal plates. So, this thought came to me, why not have those same words in Chinese appear in both the database on the main screen of the program, too. Granted, it may not do much to settle the feud, but it would be kind of funny in a perverted sort of way.

I had been using HijackThis, ComboFix, Ad-Aware and a number of other tools to remove the coolwebsearch infections for some time when I encountered an infection I hadn't seen before. Taking what info I could glean from from HijackThis, as nothing seemed to remove the infection, I did a web search which pointed me to website that not only recommended Malwarebyte's but actually insisted it worked. I was skeptical because all the tools I had ever used, though they worked, didn't work to my satisfaction sometimes. I always ended up doing a manual scan through the registry and the Windows file system to find left behind keys, files and garbage. But since I was at the point of either try Malwarebyte's or reformat the drive and start fresh I decided I had nothing to lose. I was blown away at how well it worked and since then have been telling everybody I can about it. I insist my clients install it on their computers, especially after I give them a 30 minute speech on what the consequences could be if they don't. I tell every one I know who uses p2p or other file sharing services to get the paid version of Malwarebyte's. It may sound like I'm being harsh or heavy handed toward my clients but more than one has later called me and thanked me for having them install this great product.

The last Ubuntu Linux update (9.04) overload their system, I can just imagine what Win 7 will be like. Hopefully, with Bill Gates' money Microsoft has a lot more servers than the Open Software foundation.

I find USB flash drives to be far superior to any other removable storage is why I use them. I'm sorry but I just don't agree that they get corrupted "very easily", it is easier to accidentally scratch a CD-R and render it unreadable than to damage a USB flash drive. Honestly, I have stopped using CDs for anything that I need quick access to, primary use is for long term storage and if what I read lately about CD-Rs is true, that isn't very long either.

In days past I did this but finding the printouts became a chore. Now I just cut and paste everything into a Notepad file and save to my essential files on a USB drive. So much easier to find.

One reason I like coming here just to read the posts. You never know what neat little tools you'll find from the good guys on this forum. I'm going to give this a go tonight and if I like it it's going into the toolbox USB drive. Thanks guys.

Just the quick scan. Reason I ask is the quick scan does check temporary IE folders and with more malware now targeting Firefox I was just wondering if the quick scan included the Firefox folders. Or do the infections just come through Firefox and go to the usual places?

Just a quick question, I guess I should ask about Opera too since I use it on occasion also. I never see it in quick scan so thought I'd ask. Or is it because I have Firefox installed on a drive other than C: that it is just being missed? Thanks guys for the great application.

Whenever I encounter a PC that has an infection that won't let Malwarebytes run I just rename mbam.exe to freeme.exe and it runs and cleans the machine 99% of the time.

Kenny, is this infection being looked at for being added to Mbam database? I recently cleaned the same infection on a PC the combofix tool and then a final run of Mbam 1.40 with database 2708 at the time.

An elderly man in Louisiana had owned a large farm for several years. He had a large pond in the back. It was properly shaped for swimming, so he fixed it up nice with picnic tables, horseshoe courts, and some apple and peach trees. One evening the old farmer decided to go down to the pond, as he hadn't been there for a while, and look it over. He grabbed a five-gallon bucket to bring back some fruit. As he neared the pond, he heard voices shouting and laughing with glee. As he came closer, he saw it was a bunch of young women skinny-dipping in his pond. He made the women aware of his presence and they all went to the deep end. One of the women shouted to him, 'we're not coming out until you leave!' The old man frowned, 'I didn't come down here to watch you ladies swim naked or make you get out of the pond naked.' Holding the bucket up he said, 'I'm here to feed the alligator...' Some old men can still think fast.

One thing I forgot to mention is that if you try to access the folder/file in Windows explorer and it gives you an access violation error or any other access error is a good sign the folder/file could be corrupted, but not always. It could be locked by the system also. In your case look for a file or folder named A in the root C:\. If you don't see it try showing hidden files and see if it appears. If not then the problem won't be solved by chkdsk and perhaps someone else can further assist you.

Congrats all around to the MBAM team. You have been an invaluable asset in my helping others to clean their machines. Best tool to date and has save me countless hours of doing it manually as I had started to have to do when the older tools started failing. It's just sad to me that we need software like this though.