
MM2048.DAT (Trojan.Agent)



Hi,

I recently turned on a computer that has been off for a few years. Updated everything, including my CA Anti Virus & Spy. No threats detected during scan. I decided to download Malwarebytes today just as another precaution and of course, it found a couple of issues. Gotta love Malwarebytes! Anyway, enough smoke. The following files were detected & deleted successfully but despite my research, I cannot find out much about the type of infections. Can anyone tell me more about these infections? How serious are they, etc?

Files Infected:

C:\Documents and Settings\Administrator\Cookies\MM2048.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Cookies\MM256.DAT (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks, Alan


  • Root Admin

The only DAT file that belongs in that location is INDEX.DAT - any other file can not be legitimate.

Not finding anything is a clue that something is wrong. If you consider there are estimates of 1 Billion Windows computers around the World it's rather odd that only YOUR system has those files. ;)

You may want to post some logs though and have someone assist you in looking into it more.

Hello and Welcome to Malwarebytes.org

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Thanks for your reply. You said, "If you consider there are estimates of 1 Billion Windows computers around the World it's rather odd that only YOUR system has those files." You may want to read the following info directly from the Microsoft web site....

"The Mm256.dat and Mm2048.dat files are cache files used by Internet Explorer. When you visit a Web page, Internet Explorer assigns the Web address a unique identification number and searches the Mm256.dat and Mm2048.dat files for that identification number. If the Web page's identification number is found, the contents of the Web page are stored locally on your computer's hard disk and Internet Explorer uses the locally stored content instead of downloading the information from the Internet. If the Web page's identification number is not found, the contents of the Web page must be downloaded from the Internet. This occurs if you have not visited the Web page before, the Web page has changed, or the Web page's identification number has expired. When the Web page's content has been downloaded to the hard disk, the Mm256.dat or Mm2048.dat file is updated with the Web page's identification number.

The Mm256.dat file is used to store the identification numbers of Web pages whose Web addresses are equal to or less than 256 characters. The Mm2048.dat is used to store the identification numbers of Web pages whose Web addresses are between 257 and 2048 characters."

Apparently I am not the only one in the world to possess these files ;)


aland08, you forgot to include some information

APPLIES TO

  • Microsoft Internet Explorer 1.0
  • Microsoft Internet Explorer 2.0
  • Microsoft Internet Explorer 3.0
  • Microsoft Internet Explorer 3.01
  • Microsoft Internet Explorer 3.02
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 3.2

So I guess if you are running any one of those then the files will be present and as IE6 had been available since August 27, 2001 you should update:

http://en.wikipedia.org/wiki/Internet_Explorer_6


  • Root Admin

Since you have an open post on Bleepingcomputer for the same thing I'll close this post now.

http://www.bleepingcomputer.com/forums/topic208349.html

AS POSTED ON Bleepingcomputer

The only DAT file that should be there on a RECENT IE is INDEX.DAT with a SYSTEM and HIDDEN attribute.

MBAM did not take into account that your system was that old and out of date on Microsoft updates.

Description of the Mm256.dat and Mm2048.dat Files

    APPLIES TO
  • Microsoft Internet Explorer 1.0
  • Microsoft Internet Explorer 2.0
  • Microsoft Internet Explorer 3.0
  • Microsoft Internet Explorer 3.01
  • Microsoft Internet Explorer 3.02
  • Microsoft Internet Explorer 3.2
  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 128-Bit Edition
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
    Retired KB Content Disclaimer
    This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Additional KB articles also explaining these files are from VERY OLD software and are not valid for an UP TO DATE OS.

http://support.microsoft.com/kb/237839

http://support.microsoft.com/kb/183506
