Requesting info on what a particular file is?

[Eagleeye]

Good afternoon everyone,

A few days ago, during a SAS scan, it picked up a Sirefef Trojan. SAS asked to reboot in order to complete the removal process...which I did.

I subsequently discovered I could no longer access the Internet at all either with Firefox or IE8. I ended up having to take this machine to a repair shop and shell out $123 to get it working again.

When I ran a full MBAM scan today, it detects a file (as shown in the attached screenshot). I have no idea just what this is, and placed it in the "Ignore List" for now, until I can obtain some info here about it.

Could someone please enlighten me as to just what this file is and whether or not it poses any security issue(s)?

Thank you for your time and review.

[shadowwar]

Unfortunately that doesn't tell us anything. That file is just located in the system restore.

Do you have a scan log of the detection itself if you take it out of the ignore list?

[Eagleeye]

Hi Shadowwar,

Is the log I've pasted below what you are looking for?

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 306195

Time elapsed: 1 hour(s), 1 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\System Volume Information\_restore{70F479AA-2E39-4267-B183-79346D7DBBBE}\RP769\A0173951.exe (PUP.HistoryTool) -> Quarantined and deleted successfully.

(end)

[AdvancedSetup]

Running a Developer scan would be more helpful as it would tell us where the detection comes from.

http://forums.malwarebytes.org/index.php?showtopic=3228

However you may want to seek help in the HJT forum if you think you might have an infection or rootkit.

[Eagleeye]

Morning Ron,

I regret to tell you that the instructions via the link you provided do not work. After entering "mbam.exe/developer" (without the quotes), and pressing <ENTER>, all I get is a dialog box stating "mbam.exe/developer cannot be found."

Any other suggestions? Thanks.

[daledoc1]

After entering "mbam.exe/developer" (without the quotes), and pressing <ENTER>, all I get is a dialog box stating "mbam.exe/developer cannot be found."

Hi, Eagleeye:

Until AdvancedSetup returns, I think that you may have forgotten to add the space after "mbam.exe" and before the "slash"?

I think it's supposed to be: mbam.exe /developer?

Perhaps give that a try?

HTH,

daledoc1

[Eagleeye]

Thanks for the info, daledoc1! I'll try that and see what happens, then post back.

[Eagleeye]

I did as you instructed, daledoc1, though I'm not sure if the screenshot shown below is what is needed. If not, then I have no idea what else to do. Unfortunately, I'm not very adept at doing all this technical stuff. Sorry.

[AdvancedSetup]

Yes, but we need the actual log file please - you can open the log and copy/paste it here. Thanks

[Eagleeye]

Ron,

This is all I can find. I'm sorry if it is not enough. I'm just not the well-versed individual as MBAM staff are, so if this is not what you are looking for...PLEASE, PLEASE, provide me with some step-by-step SPECIFIC instructions on HOW to provide you with exactly what it is you are asking for. If I sound angry...it is because I am! I'm trying to provide you all with what you are requesting, but it seems I must be a complete idiot here!

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 306195

Time elapsed: 1 hour(s), 1 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\System Volume Information\_restore{70F479AA-2E39-4267-B183-79346D7DBBBE}\RP769\A0173951.exe (PUP.HistoryTool) -> Quarantined and deleted successfully.

(end)

[AdvancedSetup]

No problem. When you see that scan with the DETECTION numbers. Click on the SAVE LOG button and save the log (but the log is probably already saved)- open the log by going to the LOG tab in the program and highlight it and select to open it.

You should then be able to open it with notepad and copy the contens here.

Let me know if you need further assistance.

[Eagleeye]

I'm sorry to say, Ron, what you see below is all I can seem to get. I think it is just better to forget the whole d**m mess. It's doing nothing but causing me unnecessary aggravation which I don't need,

Thanks for your help anyway.

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 306195

Time elapsed: 1 hour(s), 1 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\System Volume Information\_restore{70F479AA-2E39-4267-B183-79346D7DBBBE}\RP769\A0173951.exe (PUP.HistoryTool) -> Quarantined and deleted successfully.

(end)

[AdvancedSetup]

No problem - don't mean to cause you any stress over it.

If you do decide you want to continue just let us know.

thanks again

Ron