This is a new (used) system to me. The following scan is from MBAM running in a LUA. I was not familiar with the system and ran it by mistake. If I go into the administrator account, MBAM does not pick up anything. I can repeat this multiple times.

What could this be please?

All the suspected files are ok through VirusTotal.com

SuperAntiSpyware, AVAST, Windows Defender show no problems.

Only one problem that I can see. If I go through the LUA account to go to this forum and try to type in my password, it will not accept it (no input from the keyboard when I get to the password). Again, when I go to the administrator account and go to this forum, it will accept the password. I have since taken this system offline.

Could this just be a software problem?

This system was not even hooked up to the internet until I had it. (SP1)

I installed security from a clean system (AVAST), updated Windows through Windows Update (SP3), and everything appeared fine until I mistakenly ran MBAM under the wrong account.

If this is an actual problem, I can just destroy the old HD, 60 gig, and install one I have lying around for backups.

Thank you for any help.

Malwarebytes' Anti-Malware 1.37

Database version: 2273

Windows 5.1.2600 Service Pack 3

6/13/2009 8:25:04 PM

mbam-log-2009-06-13 (20-24-55).txt

Scan type: Quick Scan

Objects scanned: 77094

Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\config\ACEEvent.evt (Rootkit.Agent.H) -> No action taken.

c:\WINDOWS\system32\config\Antiviru.evt (Rootkit.Agent.H) -> No action taken.

c:\WINDOWS\system32\config\AppEvent.Evt (Rootkit.Agent.H) -> No action taken.

c:\WINDOWS\system32\config\Internet.evt (Rootkit.Agent.H) -> No action taken.

c:\WINDOWS\system32\config\SecEvent.Evt (Rootkit.Agent.H) -> No action taken.

c:\WINDOWS\system32\config\SysEvent.Evt (Rootkit.Agent.H) -> No action taken.

I found the problem with typing through the LUA. NoScript was not working correctly in this account. After replacing it I have no problem with the type showing up when I type.

The other problem is still doing the same thing as I stated above.

I have also run MS Malicious Software Removal Tool, Spybot, and ZoneAlarm Anti-malware that is included in ZA Pro. They all show that everything is clear.

Any suggestions would be appreciated.

Thank You.

Thank you for the quick reply.

It is comforting to know that I did not have a problem.

Since reading your reply, I have corrected the problem on this system.

As stated, I have kept the computer offline and I defragged the HD, scanned for errors, and then I cleared the following logs in the event viewer and booted the system.

ACEEvent.evt

Internet.evt

(the other logs I wanted to keep due to specific info in them)

After this I proceeded with a quick and a full scan in both accounts. They all come up clean.

Thank you again for your help with this issue.
