Thank you in advance.

I have been reading your posts for 3 days and, based on an older previous forum thread from maddoktor (now Mr. Charlie) with the following post, I thought I was being hacked and have changed all logins and passwords for all sensitive on-line accounts. I was ready tonight to reformat and re-install XP PRO and lose a lot of important data. I thought that this was bad because it is blocking a root scan. So, is this normal?

7/18/2012 11:58:59 PM

mbam-log-2012-07-18 (23-58-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 210559

So, I have seen this many times in the forum and thought this was an indication that a Memory | Startup | Registry | File System had been disabled and I had a root/registry back door trojan. Now I think I may be OK. Please advise. This might be the easiest and most stupid post you have ever seen, but again, I am a little more than confused.

Here is the entire result:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.17.13

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

Pedro :: PWEDRO-C0FE6EED [administrator]

7/18/2012 11:58:59 PM

mbam-log-2012-07-18 (23-58-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 210559

Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

I love your product, but may just have not understood that:

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

is normal.

So, is it or maybe I'm not!

Thanks,

gapxppro


By the way Mr. Charlie, I really like your preventive Maintenance Guide.

We are the same age and I have been trying to build an on-line business and this stopped me in my tracks.

Thank you all @ Malwarebytes forum. I will be buying Pro when I know I'm safe. Thanks again.

gapxppro


Hello and welcome to MBAM forum, gapxppro:

Disclaimer -- I am just a home user and am neither qualified nor authorized to analyze scan logs or to provide malware advice.

Having said that...

Yes, that is what a normal, clean scan log looks like.

It is just listing what scan features are enabled and showing that they all came up clean.

Having said THAT....

1) If you are experiencing abnormal computer behavior (browser redirects, popups, crashes, slow-downs, error messages, etc) or you think you've been hacked, then you could still be infected (some of today's infections require more than 1 scanner/tool to detect and remove).

If that's the case, please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.

Then please start a new post in the Malware Removal Forum.

An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.

2) Windows XP SP2 has been dead for a long, long time, as has IE 6. Without SP3 and IE 8, your computer is extremely vulnerable to infections - that may well have contributed to your becoming infected :( . You really, really need to update to better protect your system. (However, if you are infected, it may be hard to get updated. So, I suggest following my advice to have the malware experts check and clean your system first. Then you'll need to update to SP3 and IE 8.)

HTH,

daledoc1


@ gapxppro

This line from the scan log

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
is quite typical. All that is, is a list of the "enabled" scan items.

Typically it is suggested that you enable all in the Scanner settings within the Settings tab of MBAM.

Now, in and of itself, that line does not indicate whether or not something is infected.

The more telling result is when you see this result:

Objects scanned: 197436

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

If all lines say
No malicious items detected
that is a good indication that things are ok.

That said, you are highly encouraged to run a full scan with your antivirus program and see that result.

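As an added example (not part of any post in this thread and not Malwarebytes code), here is a small Python parser for the log layout quoted above. It lists whatever is named on the "Scan options disabled:" line, where an empty line means nothing was switched off, and it reports a log as incomplete when a "Detected" section or the "(end)" marker is missing; the sample logs are constructed and the function names are assumptions.

```python
import re

EXPECTED = ["Memory Processes", "Memory Modules", "Registry Keys", "Registry Values",
            "Registry Data Items", "Folders", "Files"]

# Constructed sample in the layout of the Flash scan log quoted in the thread.
FLASH_LOG = """Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 156206
""" + "".join(f"{c} Detected: 0\n(No malicious items detected)\n" for c in EXPECTED) + "(end)\n"

# Constructed sample cut off before the "Files" section and the "(end)" marker.
PARTIAL_LOG = """Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System
Scan options disabled:
Memory Processes Detected: 0
Folders Detected: 0
"""

def parse_mbam_log(text):
    """Return scan type, option lists, per-category counts and completeness."""
    out = {"scan_type": None, "enabled": [], "disabled": [], "detected": {}, "complete": False}
    for line in (l.strip() for l in text.splitlines()):
        count = re.fullmatch(r"(.+) Detected: (\d+)", line)
        if count:
            out["detected"][count.group(1)] = int(count.group(2))
        elif line == "(end)":
            out["complete"] = True
        elif ":" in line:
            key, _, value = line.partition(":")
            items = [v.strip() for v in value.split("|") if v.strip()]
            if key == "Scan type":
                out["scan_type"] = value.strip()
            elif key == "Scan options enabled":
                out["enabled"] = items
            elif key == "Scan options disabled":
                out["disabled"] = items  # empty list: nothing was switched off
    return out

def assess(text):
    """Summarise a log as (verdict, notes); verdict is clean, detections or incomplete."""
    log = parse_mbam_log(text)
    notes = [f"option disabled: {opt}" for opt in log["disabled"]]
    missing = [c for c in EXPECTED if c not in log["detected"]]
    if missing or not log["complete"]:
        return "incomplete", notes + [f"missing section: {c}" for c in missing]
    hits = {c: n for c, n in log["detected"].items() if n}
    return ("detections" if hits else "clean"), notes + [f"{c}: {n}" for c, n in hits.items()]
```

A `clean` verdict here means only that every section of that one log reports zero detections.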

Well, updated to PRO, :P SP3 with all current updates, and IE8, with no unusual occurrences. I want to be sure that everything is good, so is it appropriate to still post a DDS log and have someone look at it? Thanks for your help in advance. Best regards, gapxppro

Flash;

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.15

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Pedro :: PWEDRO-C0FE6EED [administrator]

Protection: Enabled

7/20/2012 4:11:15 PM

mbam-log-2012-07-20 (16-11-15).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 156206

Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Full;

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.15

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Pedro :: PWEDRO-C0FE6EED [administrator]

Protection: Enabled

7/20/2012 4:27:10 PM

mbam-log-2012-07-20 (16-27-10).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 241553

Time elapsed: 1 hour(s), 1 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Maurice, Thank You for the feedback, I have run Panda and Kaspersky and have MSSE running. All seems ok.

I really do appreciate your taking the time to respond to me. I will keep a close eye on my system. These are crazy times and I was more than a little paranoid. This process took 5+ days which I wish I could get back. Thanks Again.

Best Regards to yourself and the MBAM Team;

gapxppro


I have run Panda and Kaspersky and have MSSE running.

Hi,

Glad it's all working OK now. :)

Until Maurice Naggar returns (and he is the expert!), though, just one question: Do you have 3 different, active anti-virus (AV) programs installed on your computer - Panda, Kaspersky and MSE?

If so, "more is less" -- running more than 1 AV (especially in real-time) is an invitation for conflicts, crashes, slow downs and a more vulnerable system. :(

One should only have 1 active AV and 1 active anti-malware program (such as MBAM) on one's system.

I'm sure Maurice would agree that you ought to cleanly uninstall 2 of those 3 AVs.

From time to time, one can run an ONLINE scanner, just for "insurance". Here is a list of them (thanks to Maurice!):

ESET Online Scanner

BitDefender Quickscan

Trend Micro Housecall

F-Secure Online Scanner

Microsoft Safety Scanner

Panda ActiveScan

Perhaps I misunderstood, and these were the extra scans you were referring to?

If so, and you really only have 1 AV + MBAM, then you ought to be OK. :)

Cheers!

daledoc1


I have Panda Free running, MSE and now MBAM. Kaspersky was just a quick scan because I have now read hundreds of reviews, Kaspersky almost always is in the top 3-5 on most review sites.

I have not noticed any conflicts and have read many people running MSE along with something else, so I'm not sure that is an issue, but I do know most recommend only 1 AV. It is more than a little confusing.

So a couple quick questions, and Thank you for your response.

Why would MBAM not conflict with Panda (scanner) and/or MSE (AV program and firewall)??

I am not very happy with MS overall because of the bloat in their products and their late arrival to the security camp.

If I disable MSE is there any consensus about the top 2-3 AV programs the MBAM team? I assume we should mostly avoid the free ones. Recommended Firewall?

These are recommended scanners. Is it good to run a couple of them ?

I have also used Ccleaner and Eusing.

ESET Online Scanner

BitDefender Quickscan

Trend Micro Housecall

F-Secure Online Scanner

Microsoft Safety Scanner

Panda ActiveScan

So One good AV, A good Firewall, and MBAM. Here is maybe a better question. What Do you use? :wacko:

Thanks again So much

gapxppro


Hi, again:

DISCLAIMER - I am not a computer security expert, but only a home user.

Panda and MSE are both anti-virus programs.

Therefore it would be advisable to uninstall one of the two.

It is important to have only ONE anti-virus (AV) program installed and (especially) running in real-time.

If you have more than one, as I explained, it will not make your computer more secure, and it will likely cause serious performance issues.

MBAM is NOT an anti-virus.

It is an anti-malware program designed to provide layered protection alongside a robust, up-to-date, active AV.

The AV is the first line of defense. MBAM works differently and targets a different type of threats. The two programs work together.

The online scanners are entirely different -- they are not AV programs installed and they are not running in real-time on your computer.

So, it is OK to use them from time to time, but they are not entirely necessary.

And, if you are not behind a router with a firewall, it's a good idea to have a software firewall (either standalone or as part of a security suite).

The bottom line: good computer security means 1 anti-virus (AV) installed and running and kept up to date, plus 1 anti-malware (such as MBAM), and, if needed, a firewall.

Adding more and more AVs and other security programs is not a good idea, from either a security standpoint or a performance standpoint.

A helpful article here: http://forums.malwarebytes.org/index.php?showtopic=9365

The other, more expert members will have more advice, I'm sure!

Thanks,

daledoc1
