alicez Posted July 10, 2013 ID:701367
I just received two Trojan RansomFMS on my MB scan. Does anyone know what I should do next?
Vendor=Trojan.Ransom.FMS Category=File Item=C:\Windows\I386\Comres.DL_
Vendor=Trojan.Ransom.FMS Category=File Item=C:\Windows\$NIServicePackUninstall$\comres.dll
WinXP

shadowwar (Staff) Posted July 11, 2013 ID:701408
Please update and rescan those files. Let me know if still detected. If so, please post a dev log. Instructions are stickied in this subforum. Also, if you can, zip and attach that file here please.

alicez (Author) Posted July 11, 2013 ID:701445
> Please update and rescan those files. Let me know if still detected. If so, please post a dev log. Instructions are stickied in this subforum. Also, if you can, zip and attach that file here please.
I did the new download but don't know if I have to run a FULL scan again. Can I run a QUICK scan? If the 2 Trojans do show up, I don't know how to do what you said you needed = "dev log" and "zip and attach that file."

shadowwar (Staff) Posted July 11, 2013 ID:701447
You can navigate to here: C:\Windows\$NIServicePackUninstall$\comres.dll and right click the file and hit scan with malwarebytes. Post that log here. Also right click that file and hit send to\ compressed. There is a post on it here: http://forums.malwarebytes.org/index.php?showtopic=128250 It should create a file comres.zip. Attach that file here please.
This is a false positive more than likely, but without a file or a dev log I have no idea what subset of that def is triggering. If you can't get the file to work then here is how to do a dev log. Yes, a full scan would be necessary due to the locations of the files. http://forums.malwarebytes.org/index.php?showtopic=3228

alicez (Author) Posted July 11, 2013 ID:701643
I ran a full scan and nothing was found this time! Do I have to do anything else now?
BTW: What happened with these 2 "Trojans" that showed after the first download and scan but not found after the second download and scan?
ADD-ON: Can someone please respond to my above questions please? Thank you.

shadowwar (Staff) Posted July 12, 2013 ID:701816
If you removed them when you first posted about this then you will have to go to the quarantine tab and restore them. If you didn't then we must have removed the definition earlier from the database.

alicez (Author) Posted July 12, 2013 ID:701821
> If you removed them when you first posted about this then you will have to go to the quarantine tab and restore them. If you didn't then we must have removed the definition earlier from the database.
I just did what you told me to do. I downloaded MB definitions again and then ran a full scan and then those two "Trojans" were no longer showing. Does that mean my computer is okay now?

shadowwar (Staff) Posted July 12, 2013 ID:701956
The computer was ok as those were false positives and not malware. So when this first happened you didn't quarantine/remove them?

alicez (Author) Posted July 12, 2013 ID:702029
> The computer was ok as those were false positives and not malware. So when this first happened you didn't quarantine/remove them?
When I first saw them I just closed MB. I did not quarantine them. Then I did another download and ran another full scan and nothing was found. Does that mean my computer is now ok?

shadowwar (Staff) Posted July 12, 2013 ID:702034
Yes you are fine. Thanks for trying to figure this out.