
Have had several cases of this already; MalwareBytes is not detecting a new malware called Personal Antivirus.

This malware runs as an Internet Explorer add-on under the name "Helper" and is associated with the "Personal Antivirus" spyware.

The file information on the malware version is as follows:

Location: C:\Windows\System32\msxmlm.dll

File size: 365 KB (374,272 bytes)

Size on disk: 368 KB (376,832 bytes)

Registry locations:

HKEY_CLASSES_ROOT\CLSID\{A77D3539-581D-450C-9E44-A84C415A6172}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ExtStats\{A77D3539-581D-450C-9E44-A84C415A6172}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A77D3539-581D-450C-9E44-A84C415A6172}

Other sites with topics and removal instructions:

http://www.bleepingcomputer.com/forums/topic235636.html

http://forums.spybot.info/showthread.php?t=49475
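A check I would add at this point, as an added example that is not from the thread or from Malwarebytes: a PowerShell snippet that walks the Browser Helper Objects key, resolves each CLSID to the DLL named in its InprocServer32 default value, and flags the CLSID and file name reported above. The Wow6432Node key (for 64-bit hosts) and the function name are my assumptions.

```powershell
# Added example (not part of the thread): list the BHOs registered for Internet Explorer
# and flag the one reported above. Run from an elevated PowerShell prompt.
# The CLSID and file name come from the post; the Wow6432Node key is an assumption for 64-bit hosts.

$SuspectClsid = '{A77D3539-581D-450C-9E44-A84C415A6172}'
$SuspectFile  = 'msxmlm.dll'

$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-BhoReport {
    foreach ($bhoKey in $BhoKeys) {
        if (-not (Test-Path $bhoKey)) { continue }
        foreach ($entry in Get-ChildItem -Path $bhoKey) {
            $clsid = $entry.PSChildName
            # The BHO key only holds the CLSID; the DLL it loads is the default value
            # of HKCR\CLSID\{clsid}\InprocServer32.
            $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $serverKey) {
                $raw = (Get-ItemProperty -Path $serverKey).'(default)'
                if ($raw) { $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) }
            }
            $onDisk = $dll -and (Test-Path -LiteralPath $dll)
            $sizeKb = if ($onDisk) { [math]::Round((Get-Item -LiteralPath $dll).Length / 1KB) } else { $null }

            $flag = ''
            if ($clsid -ieq $SuspectClsid) { $flag = 'CLSID matches the Personal Antivirus report' }
            elseif ($dll -and ((Split-Path $dll -Leaf) -ieq $SuspectFile)) { $flag = 'file name matches the report' }
            elseif ($dll -and -not $onDisk) { $flag = 'DLL not visible on disk (stale entry or hidden file)' }

            [PSCustomObject]@{
                CLSID  = $clsid
                DLL    = $dll
                SizeKB = $sizeKb
                Flag   = $flag
            }
        }
    }
}

# Print every BHO; compare the SizeKB column against the 365 KB reported above.
Get-BhoReport | Format-Table -AutoSize
```

A registered CLSID whose DLL is not visible on disk is worth a second look with a rootkit scanner, since a hidden file would explain a scanner missing a signature it already carries.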


Hi Astinius,

I just checked inside of the MBAM database and we have defs for the BHO file, the BHO CLSID and for that particular rogue variant.

We should be hitting that, so I would look for another possibility as to why they are not being hit.

Usually at this point it is another installed piece of malware that is blocking MBAM from operating normally, or the old chestnut of using an old version of the database (yes, some folks don't update to the most recent DB, or malware blocks the software from updating).

But for the record, a fully functioning MBAM with a current database will unload this rogue install and its BHO helper :D


Latest version of MBAM and definitions as of yesterday were downloaded and used.

Ast.


astinius,

I am grateful for the data etc. but know what is already in our DB.

If the DBs were updated then there must be some other malware present that is interfering with the MBAM scanning and parsing against its database.

Have you checked the PC for rootkit activity or other active malware?


I will double check with the tech who provided the information to make sure he has reported all of the correct details.

Thanks,

Ast.
