Jump to content

Recommended Posts

Protect service isn't in my list of running services.

 

I'm curious as to why winrar files are showing up in malwarebytes when the files aren't present.

 

Is it ok to ignore these ?

Yes it is, I would suggest you do a clean install of Malwarebytes:

If you have the pro version of MB....make sure you have your license key

-----------------------

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

image514.png

Go to your control panels add/remove programs and uninstall MalwareBytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Let me know, MrC

Link to post
Share on other sites

I have uninstalled malwarebytes, ran the clean utility and rebooted.

 

Downloaded newest version of malwarevytes, updated and ran as administrator. scanned and removed all threats.

 

same 25 pops up. files and folders are not present but the registry keeps reappearing.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.11.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
lguser :: US-SO10-NA1004F [administrator]

11/11/2013 8:45:54 AM
mbam-log-2013-11-11 (08-45-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251810
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\System\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 24
c:\program files\wirar\winrar.exe (Backdoor.Bifrose) -> Delete on reboot.
c:\program files (x86)\wirar\winrar.exe (Backdoor.Bifrose) -> Delete on reboot.
c:\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\system32\help\winrar.exe (Backdoor.Bifrose) -> Delete on reboot.
c:\windows\syswow64\help\winrar.exe (Backdoor.Bifrose) -> Delete on reboot.
c:\windows\system32\systems\winrar.exe (Backdoor.Bot) -> Delete on reboot.
c:\windows\syswow64\systems\winrar.exe (Backdoor.Bot) -> Delete on reboot.
c:\windows\winrara\winrar.exe (Backdoor.Bot) -> Delete on reboot.
c:\windows\winrar\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\programdata\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\users\addc_client\appdata\roaming\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\users\lguser.us-so10-na1004f\appdata\roaming\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\users\lguser\appdata\roaming\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\roaming\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\roaming\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\system32\config\systemprofile\appdata\roaming\two\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\installdir\winrar.exe (Backdoor.Agent) -> Delete on reboot.
c:\programdata\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\users\addc_client\appdata\roaming\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\users\lguser.us-so10-na1004f\appdata\roaming\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\users\lguser\appdata\roaming\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\localservice\appdata\roaming\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\serviceprofiles\networkservice\appdata\roaming\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.
c:\windows\system32\config\systemprofile\appdata\roaming\dataprotect\winrar.exe (Trojan.Agent) -> Delete on reboot.

(end)

Link to post
Share on other sites

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.