
I installed Malwarebytes Anti-Malware 1.75.0.1300 (Trial) and upgraded the product recently. The next day Norton Internet Security 2014 found the threat named W32.Palevo in c:\program files (x86)\malwaresbytes’ anti-malware\00005432.tmp. I had previously run Anti-Malware scans which reported nothing found. Questions: Was the Malwarebytes software sent to me with this infection? Why wasn’t this infection reported by Anti-Malware? Was this hit a false positive? What does Anti-Malware do with bad software of this type? Was the tmp file the place where Anti-Malware stores malware after it is found?

Symantec says: “Once executed, the worm creates the following files:

  • %Windir%\logfile32.txt
  • %Windir%\msddrv42.exe

The worm creates the following registry entries, so that it runs every time Windows starts:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"Microsoft Driver Setup" = "%Windir%\msddrv42.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Microsoft Driver Setup" = "%Windir%\msddrv42.exe"”

I did not see the txt or exe files, so did Anti-Malware delete these files? Are the registry entries deleted as a part of the cleanup process?
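
A read-only check for the files and registry values named in the Symantec text quoted above, as an added example that is not part of the original post. The 32-bit (WOW6432Node) registry view is an addition beyond the quoted list, included because 32-bit processes on 64-bit Windows have their HKLM\SOFTWARE writes redirected there.

```powershell
# Added example: reports whether the artifacts from the quoted Symantec
# description are present. It only reads; nothing is deleted or changed.

# Files the description says are created under %Windir%
$files = @("logfile32.txt", "msddrv42.exe") |
    ForEach-Object { Join-Path $env:windir $_ }

# Run keys from the description, plus their 32-bit view (added assumption)
$runKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"
)
$valueName = "Microsoft Driver Setup"

$findings = @()

foreach ($path in $files) {
    # -Force includes hidden and system files
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type     = "File"
            Location = $path
            Detail   = "size=$($item.Length) modified=$($item.LastWriteTime)"
        }
    }
}

foreach ($key in $runKeys) {
    # A missing key is normal on a clean system, so errors are suppressed
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($props -and ($props.PSObject.Properties.Name -contains $valueName)) {
        $findings += [pscustomobject]@{
            Type     = "Registry"
            Location = "$key\$valueName"
            Detail   = $props.$valueName
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "None of the listed files or Run values were found."
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```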
