Norton detecting MBAM files as Trojan Horses


Some strange goings on today...

I was on wikipedia when Norton 360 just stopped working. Managed to get it started again straight away but then a few minutes later a message came up saying that Malwarebytes had stopped working as well.
I started the program again, went offline and ran a full scan with Malwarebytes. In the midst of this scan a message came up from Norton auto-protect saying "processing threats..."
To my surprise the threats were all listed as trojan horses and were all malwarebytes temp files...

c:\program files\malwarebytes' anti-malware\00003663.tmp contained trojan horse - removed
c:\program files\malwarebytes' anti-malware\00023263.tmp contained trojan horse - removed
c:\program files\malwarebytes' anti-malware\00031317.tmp contained trojan horse - removed


... Norton seems to have detected and removed malwarebytes files as trojans ?!

Have since run full scans with Norton AV (+NPE) and Malwarebytes (+MBAR). Nothing detected and the programs at least appear to be functioning normally for now.

I should note that I have been having problems with Firefox freezing / crashing the past couple of months ever since updating to 25.0.1 and continuing with 26. I didn't read anything sinister into this though. My thoughts were that it was perhaps Firefox, Sandboxie, NoScript and AdBlock not getting along so well together on this old Vista machine.

I have also had a couple of BSODs and explorer has crashed a couple of times in recent weeks.
Prefetch has been failing a lot as well so I have disabled it.
Windows Memory Diagnostics indicates some sort of memory failure as well.

I'm really sorry to have to ask for help again but I am quite worried about this and cannot understand how this could have happened as I am very careful online.

Both main security products failing (whilst online) within a couple of minutes of each other cannot just be explained away.

Here are DDS logs...

Link to post
Share on other sites

  • Root Admin

No, those are not our files. Those are temp files that "might" be due to Norton not having exclusions set up or from a bad memory read. Your Event Logs show there was some type of memory issue. Not sure if it was a fluke or if maybe you need to test your memory.

 

31/12/2013 08:42:38, Error: Application Popup [1801]  - The hardware has reported an uncorrectable memory error.
24/12/2013 23:47:31, Error: EventLog [6008]  - The previous system shutdown at 23:45:56 on 24/12/2013 was unexpected.

 

 

5 Free Memory Test Programs

How to Identify a Bad Memory Module on Your PC

 

 

I would recommend testing your memory and then IF it passes all tests then run the following (make sure Norton is disabled when running it)

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites
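Added example, not part of the thread or of any Malwarebytes or Norton tool: a small triage script that parses event lines in the format quoted in the reply above and reports whether hardware faults should be fixed before any scan result is trusted. The indicator patterns, verdict names and the third sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# DDS-style event line: "dd/mm/yyyy hh:mm:ss, Level: Source [ID]  - message"
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (\w+): (.+?) \[(\d+)\]\s+- (.*)$")

# Assumption: indicators are derived only from the events quoted in the thread.
HARDWARE_RE = re.compile(r"uncorrectable (memory|hardware) error", re.I)
INSTABILITY = {("EventLog", 6008)}  # unexpected shutdown

# First two lines are quoted in the thread; the third is constructed.
SAMPLE = """\
31/12/2013 08:42:38, Error: Application Popup [1801]  - The hardware has reported an uncorrectable memory error.
24/12/2013 23:47:31, Error: EventLog [6008]  - The previous system shutdown at 23:45:56 on 24/12/2013 was unexpected.
23/12/2013 10:01:02, Error: Service Control Manager [7000]  - The Example service failed to start.
"""

def parse_events(text):
    """Return one dict per line that matches the DDS event format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip headers, blanks and wrapped text
        when, level, source, event_id, message = m.groups()
        events.append({
            "time": datetime.strptime(when, "%d/%m/%Y %H:%M:%S"),
            "level": level, "source": source,
            "id": int(event_id), "message": message})
    return events

def triage(events):
    """Decide whether scan results from this machine can be trusted yet."""
    hardware = [e for e in events if HARDWARE_RE.search(e["message"])]
    unstable = [e for e in events if (e["source"], e["id"]) in INSTABILITY]
    if hardware:
        verdict = "fix-hardware-first"   # detections may be corrupted reads
    elif unstable:
        verdict = "test-memory"          # crashes alone are only a hint
    else:
        verdict = "proceed-with-scans"
    return {"verdict": verdict, "hardware": hardware, "unstable": unstable}

if __name__ == "__main__":
    result = triage(parse_events(SAMPLE))
    print(result["verdict"], [e["id"] for e in result["hardware"]])
```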

Thanks for the advice.

I'm not on the affected computer right now and I won't have time to run the memory tests until later.

 

Regarding the files Norton detected as trojans - if they are not your files then why are they located in the Malwarebytes program folder?

 

Three unknown .tmp files that should not be in c:\program files\malwarebytes' anti-malware - is that not cause for concern?

Perhaps Norton correctly detected that Malwarebytes had been infiltrated by a trojan.

Link to post
Share on other sites

  • Root Admin

They are a concern because no .tmp files belong there, period, but again your computer Event Logs show that the physical memory cannot be trusted at this point.

Until you resolve the memory issue you're pretty much wasting your time doing any type of fixes or scans because the computer cannot be trusted to read or write data.

It is imperative that the memory issue is corrected.

Link to post
Share on other sites

I had some trouble with Memtest and the others - Blue Screen crashes.

I did manage to run Windows memory test. A message during the scan came up saying 'detected uncorrectable hardware error' and the results which appeared after reboot list 95 failed tests, if that makes any sense?

 

Also - Windows logs are filled with thousands of errors and warnings.

 

Can memory failure leave the computer more susceptible to infection when online?

 

I'm still concerned at the ease with which Malwarebytes was apparently infiltrated with a trojan. Does the program not have strong defences?

Link to post
Share on other sites

  • Root Admin

You're missing the entire point here. Bad memory means that every single file read/write (open, save) cannot be trusted by any application.

You need to probably replace one or more memory sticks on the computer. Once you have the memory problems corrected THEN you can look at fixing any left over software issues.

You can't put a screen door on a submarine and then wonder why it sank.

Link to post
Share on other sites

Update -

 

I have taken the laptop into my local computer repair shop and they have said the RAM needs replacing and the hard drive is pretty much done.

They also offered a malware removal service as well.

 

So with the costs of replacement parts, upgrades, malware removal plus labour I've decided just to "retire" this old laptop.

It's more economical at this point to put the money towards a new laptop instead.

 

Thanks again for the advice (and sorry to have bothered you).

 

:)

 

You can close this thread up now.

Link to post
Share on other sites
