
AppEvent.Evt flagged as Rootkit.Agent.H


deathtospyware


Malwarebytes' Anti-Malware 1.34

Database version: 1833

Windows 5.1.2600 Service Pack 3

3/10/2009 10:59:28 PM

mbam-log-2009-03-10 (22-59-12).txt

Scan type: Quick Scan

Objects scanned: 77025

Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\config\AppEvent.Evt (Rootkit.Agent.H) -> No action taken.

And I'm pretty sure it belongs there. Of course I could be wrong, have been before. :D Scan with Avira came up clean so I'm wondering what is going on. If need be I can post a HJT log in the appropriate forum. Thanks guys.


Well I tried to do that but the file wouldn't upload. Tried to copy it to a USB drive to upload on different PC, received CRC error. :D Maybe time to CHKDSK. The original infection determined and cleaned by MBAM was the Zlob trojan. By the time I received the PC the user had managed to mangle several other programs while trying to clean their PC. If I can get the file to copy I'll try again to upload.


Looks like I may not get that file. CHKDSK has had to do major fixes, including on that file. Could it be the file corruption caused the flagging? Anyway I think it is nothing to be concerned about at this time. Thanks for the help and I'll add that site above to my favorites for future use.


Will do, may not be today as I have to leave for a while. Again thanks for the help and the site info. One thing that bothers me though is CHKDSK also found errors on certain .ini and .bat files that I have seen flagged by MBAM before. Once CHKDSK has finished I'm going to scan again with MBAM just to be safe.
