"S. T. E. M." drive scanner damaged HD?!

[mdfunk]

just had this software show up, opening lots of nag screens, and a gui that showed the world would end if i didn't buy the software.

booting in safe mode and scanning with mbam showed showed registry entries for a trojan, which were removed. rebooting in normal mode, infection still there, seemed to appear early in the startup, changing the display to black and giving the 'drive scanner' free rein.

it's xp... it has a virus... time to rebuild the os, it'll run faster anyway... installed new hd for more storage, rebuilt os and put the old drive in an external enclosure.

the old HD is toast!! most of the files are gone, no user folder, but still have windows folder. sorry, can't seem to find the mbam logs for those scans. they must be there, i just can't see them.

when i plugged in the drive i had windows scan and repair bad sectors and attempt to recover files. don't think that hurt, as seem to have the same number of folders.

any help on this greatly appreciated.

[daledoc1]

Hello and welcome to MBAM forum, mdfunk:

Sorry you were infected.

If I understand you correctly, you've installed a new HDD (and the OS) and you're looking to recover your data files from the old, infected drive?

There are some helpful tutorials in some of the sticky topics pinned in the FAQ sections of the forum.

In particular, you might find helpful this tutorial on the use of the UNHIDE tool.

I'm sure one of the MBAM staff or a more expert members will have some additional advice.

HTH,

daledoc1

PS If you'd like one-on-one help from a qualified malware expert to disinfect the old HDD, please start at THIS STICKY and follow the guidelines there.

[mdfunk]

wow thanks for the great help on this. when i get the mbam logs from that last scan i'll post them for discussion.

[daledoc1]

wow thanks for the great help on this. when i get the mbam logs from that last scan i'll post them for discussion.

You are most welcome.

A couple of other thoughts:

1) I'd wait for input from the experts about how to SAFELY recover your old files without risking infecting the new drive. As such, since it's not an MBAM problem, the mods may move this topic to another section of the forum.

2) As far as posting the MBAM logs, that would need to be done in the malware removal section because we cannot review logs or work on malware removal issues in this particular sub-section.

I hope you get your files back OK.

Cheers!

daledoc1

[mdfunk]

yesterday afternoon i scanned the drive with mbam and it found a trojan. what's interesting is that i keep up on definition updates and this infection seems kind of old, so why didn't mbam prevent the infection? i'll post the logs to the forum you suggest. i ran unhide and it got most of the files back.

once again, thanks!!

[daledoc1]

yesterday afternoon i scanned the drive with mbam and it found a trojan. what's interesting is that i keep up on definition updates and this infection seems kind of old, so why didn't mbam prevent the infection?

NO security program -- even MBAM, as great as it is -- can possibly detect/prevent 100% of the ever-expanding, ever-increasing number of loathsome infections.

Some of the rootkits these days hide in places that make them VERY hard to detect, let alone remove.

i'll post the logs to the forum you suggest. i ran unhide and it got most of the files back.

Great!

The experts will help get you cleaned up.

once again, thanks!!

You are very welcome!

Good luck!

[mdfunk]

i switched to mbam as previously suffered exploits while using norton enterprise and macaffee... mbam had the longest run w/ no issues. the root problem is vulnerable os meets lax surfing habits, i think.

[daledoc1]

i switched to mbam as previously suffered exploits while using norton enterprise and macaffee... mbam had the longest run w/ no issues. the root problem is vulnerable os meets lax surfing habits, i think.

Yikes!

Please say it ain't so?!?!?!

You aren't using MBAM as your SOLE security app, are you???

MBAM is NOT an anti-virus (AV), nor can it substitute for one.

It is a specialized anti-MALWARE program designed to run alongside a robust, real-time, updated AV to provide layered protection.

Your first line of computer defense (aside from safe computing practices & keeping Windows & browsers patched) should always be an AV, either free or paid:

For example: http://www.bleepingcomputer.com/forums/topic407147.html/page__p__2316629#entry2316629

And, these days, either a hardware or software firewall is also needed.

Anyway, the experts will work with you to help you recover your files, clean your drive, and get you back up and running.

Best regards!

daledoc1

[mdfunk]

i'm running Malwarebytes Anti-Malware PRO but used mbam to avoid typing a mouthful. is not Malwarebytes Anti-Malware PRO a fully functional antivirus program?

[daledoc1]

is not Malwarebytes Anti-Malware PRO a fully functional antivirus program?

Nope.

PRO offers real-time anti-malware & website blocking features, scheduled tasks (updates/scans) and incremental database updates, compared to the "manual" updates and on-demand scans of the Free version: http://www.malwarebytes.org/products/malwarebytes_free

It's not, however, an anti-virus: http://helpdesk.malwarebytes.org/entries/20818081-does-malwarebytes-replace-antivirus-software

Anyway, once you get cleaned up over in the malware removal section, your helper can advise you on the selection of a suitable AV for your needs.

HTH,

daledoc1

[mdfunk]

hello daledoc, the fact that it is not specifically an antivirus should be made explicit on the pages where it is sold.

it is a great product. i've used it to clean up issues that AV software could not handle. but if you need an AV for complete protection you should banner that when selling it not bury it in a support forum.

my assumption is that you work for MWB. is that correct?

[Firefox]

Hello mdfunk and

Sorry for the confusion and perhaps you are correct about it mentioning that on the main site. That being said, it never claims to be an antivirus program on the main site either, it only claims to be an AntiMalware program hence the name. (This is only my view and does not reflect the views of Malwarebytes as I am not employed by Malwarebytes I am only a trusted advisor and helper on the forum).

You still need to have an antivirus program installed. Malwarebytes is your second layer of protection catching Malware the sneaks by your antivirus program. Its the job FIRST of your antivirus program to detect viruses, if it sneaks by your AV then Malwarebytes would catch it.

As daledoc1 (which also does not work for MBAM, she is just a home user and a helper here on the forums) has stated no one single product can be 100% of the ever-expanding, ever-changing, ever-increasing number of loathsome infections.

[daledoc1]

my assumption is that you work for MWB. is that correct?

Hi, mdfunk:

Actually, no, I do not.

As Firefox mentions, I am just a volunteer helper here at the forum (see attached screen grab including part of my signature block).

(By contrast, the MBAM staffers have a prominent black "MBAM Staff" logo in their signature.)

So, unfortunately, I don't have any control over the company websites or marketing.

I agree that there is often a bit of confusion "out there" among computer users about the difference between viruses and malware.

So, too, does there seem to be confusion from time to time about "anti-virus" programs versus "anti-malware" programs.

I understand how the semantics could be confusing, since the terms are sometimes & in some places (incorrectly) used inter-changeably.

I likewise understand your frustration -- having an infected computer is a very nerve-wracking experience.

I most sincerely apologize if anything I said may have been misconstrued.

And I do sincerely hope that you get your computer cleaned and back up and running properly.

Thank you for your patience and understanding,

daledoc1

PS One minor correction to Firefox's post, though -- I'm actually a "she", not a "he". But that's OK.

[mdfunk]

virus vs. malware was too fine a distinction for this non-expert. having seen mwb clean up exploits that got past 'av' packages led me to believe that it was all you needed. the fact that it is not explicitly stated that this software needs to be used with other products is sleazy in the extreme. i've shot off an email to mwb expressing same for all the good that will do.

i've seen it clean up the messes that av packages miss, so i know it is a good product. they need to out the sleazebag nerd in marketing who decided to let it masquerade as what it is not.