
My first time using the forum so apologies if I have posted in the wrong place. Like the title says I have just run the full scan of MBAM & came up with the following results:

Malwarebytes' Anti-Malware 1.34

Database version: 1878

Windows 5.1.2600 Service Pack 3

05/04/2009 18:02:45

mbam-log-2009-04-05 (18-02-33).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 268446

Time elapsed: 3 hour(s), 15 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

E:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.SysCleanerPro) -> No action taken.

E:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> No action taken.

Now as I don't have the first clue about computers, apart from the basics & the internet, I was unsure which, if any, of the results from the log it was safe to delete. Would appreciate any help you all could give me (& maybe I'll pick up a few tips too).

Currently using Windows XP & have AVG & SuperAntiSpyware installed for protection. Thank you very much again everyone.


Generally speaking, it is good practice to have MBAM either put in quarantine or remove (delete) what it flags.

Your log report shows an older version of MBAM and definitions out of date too.

Get it updated. Do another scan. Have it remove the items it flags.

Start your MBAM.

Click the Settings Tab. Make sure all option lines have a checkmark.

Click the Update tab. Press the "Check for Updates" button.

At this time, the current definitions are # 1940 or later. The latest program version is 1.35 (released March 26)

When done, click the Scanner tab.

Do a Quick Scan.

  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that the flagged suspects-line-entries have a checkmark, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.
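The two checks made in the reply above (program and definitions older than the versions it quotes, and flagged items still at "No action taken"), as an added example that is not part of the original thread. The function name, the regular expression and the abridged sample log are assumptions made here.

```python
import re

# Minimum versions quoted in the reply above (current as of that post).
MIN_PROGRAM = (1, 35)
MIN_DATABASE = 1940

# Constructed sample: abridged from the first log in this thread, with the
# last outcome changed so that both outcomes appear.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Database version: 1878
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Files Infected:
E:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
"""

# Item lines look like: <path or key> (<Family.Name>) -> [details -> ] <outcome>.
ITEM = re.compile(r"^(?P<target>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")


def triage(log_text):
    """Report whether the scanner was out of date and which items were left in place."""
    prog = re.search(r"Anti-Malware (\d+)\.(\d+)", log_text)
    db = re.search(r"Database version: (\d+)", log_text)
    if not prog or not db:
        raise ValueError("not an MBAM log: version header missing")
    program = (int(prog.group(1)), int(prog.group(2)))
    database = int(db.group(1))

    pending, handled = [], []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if not m:
            continue  # header, section title or "(No malicious items detected)"
        # The outcome is the text after the last arrow; data items carry an
        # extra "Bad: ... Good: ..." field before it.
        outcome = m.group("rest").split(" -> ")[-1].rstrip(".")
        bucket = pending if outcome == "No action taken" else handled
        bucket.append((m.group("name"), m.group("target")))

    outdated = program < MIN_PROGRAM or database < MIN_DATABASE
    return {"outdated": outdated, "pending": pending, "handled": handled}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
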


Malwarebytes' Anti-Malware 1.34

Database version: 1878

Windows 5.1.2600 Service Pack 3

05/04/2009 18:59:33

mbam-log-2009-04-05 (18-59-33).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 268446

Time elapsed: 3 hour(s), 15 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.Webmediaplayer) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

E:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.

E:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.

Decided to delete what was flagged & restarted as prompted. Have since updated my MBAM & run a quick scan with the following log:

Malwarebytes' Anti-Malware 1.35

Database version: 1942

Windows 5.1.2600 Service Pack 3

05/04/2009 20:42:15

mbam-log-2009-04-05 (20-42-15).txt

Scan type: Quick Scan

Objects scanned: 135853

Time elapsed: 1 hour(s), 29 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Computer had been taking an age to start previous to deleting those few things but upon restart it was back to its old quick self.


I'd suggest you do a full scan with your antivirus program, if you haven't done so already.

And as a supplement, scan the system with the Kaspersky Online Scanner:

http://www.kaspersky.com/virusscanner

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

1) Click the Kaspersky Online Scanner button. You'll see a popup window.

2) Accept the agreement

3) Accept the installation of the required ActiveX object (XP SP2-SP3 will show this in the Information Bar)

4) For XP SP2-SP3, click the Install button when prompted

5) The necessary files will be downloaded and installed. Please have plenty of patience.

6) After Kaspersky AntiVirus Database is updated, look at the Scan box.

7) Click the My Computer line

8) Be infinitely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malware

9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Save the report to your system. Let us know if the report showed any items flagged, other than cookie items.

(To see an animated tutorial-how-to on the scan, see this link.)

Re-enable your antivirus program after Kaspersky has finished.

Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.
