wboswell

Found Six Malware Items When Malwarebytes Didn't Find Any

After installing Anti-Rootkit Beta I ran it and it found six items. Four were noted as "(Security.Hijack)". I had the program delete all of them. How come Malwarebytes didn't catch these, or would this be considered a false positive?

This is what the log file showed for those items.  It didn't find anything elsewhere.  I have also attached the log file.  Should I be concerned about these?  I've had several hacks recently and suspect somebody planted something deep into my system which is why I originally downloaded this beta.

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [a895a59857251d195875f8fc7093f808]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [de5f0d30007c04326680b3416d96a25e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [ee4f4af3433981b524e2df18d03351af]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [a697112c790339fd0cc1d81c877c7e82]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [0d30b8855c202e08a343af45b84b8f71]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [e756c37aaad21323fe08e4130af96898]

mbar-log-2016-11-15 (13-03-58).txt
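
Added example (not part of the thread and not Malwarebytes code): a small parser for the "Registry Keys Detected" lines quoted in the post above, grouping them by target executable. It shows that the six detections are three Image File Execution Options keys, each reported once in the native view and once under WOW6432Node. The function names are hypothetical, and the line format is assumed from these six lines only.

```python
import re
from collections import defaultdict

# The detection lines, copied from the log quoted in the post above.
LOG = r"""
Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [a895a59857251d195875f8fc7093f808]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [de5f0d30007c04326680b3416d96a25e]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [ee4f4af3433981b524e2df18d03351af]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [a697112c790339fd0cc1d81c877c7e82]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [0d30b8855c202e08a343af45b84b8f71]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [e756c37aaad21323fe08e4130af96898]
"""

# Assumed shape of one entry: <key path> (<detection name>) -> <action>. [<hex id>]
ENTRY = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+?)\. \[(?P<id>[0-9a-f]+)\]$"
)
IFEO = "\\IMAGE FILE EXECUTION OPTIONS\\"


def parse_entries(log_text):
    """Return one dict per detection line; lines of any other shape are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def group_by_image(entries):
    """Map each IFEO target image to the views, names and actions logged for it."""
    grouped = defaultdict(lambda: {"views": set(), "names": set(), "actions": set()})
    for entry in entries:
        key = entry["key"]
        pos = key.upper().find(IFEO)
        if pos < 0:
            continue  # not an Image File Execution Options key
        image = key[pos + len(IFEO):]
        view = "WOW6432Node" if "\\WOW6432NODE\\" in key[:pos].upper() else "native"
        grouped[image]["views"].add(view)
        grouped[image]["names"].add(entry["name"])
        grouped[image]["actions"].add(entry["action"])
    return dict(grouped)


if __name__ == "__main__":
    for image, info in sorted(group_by_image(parse_entries(LOG)).items()):
        print(image, sorted(info["views"]), sorted(info["names"]), sorted(info["actions"]))
```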

Quote

How come Malwarebytes didn't catch these, or would this be considered a false positive?

Do you have the "Scan for rootkits" option enabled (checked) in Malwarebytes Anti-Malware?

30 minutes ago, Aura said:

Do you have the "Scan for rootkits" option enabled (checked) in Malwarebytes Anti-Malware?

Yes I have it enabled which is why I wondered if it was missing rootkit scans.  I have scans set up to run several times a day.


Malwarebytes Anti-Rootkit is constantly in a beta state, and when the technology is stable enough, it is rolled into Malwarebytes Anti-Malware and a new beta for MBAR is released. It could explain why MBAR caught these entries while MBAM didn't. I guess that only an employee will have a more comprehensive answer for you.


Anything is possible with my computer. I'm very observant of any suspicious activity on this computer since I lost a lot of important electronic documents that cannot be replaced. I suspected months ago my computer was phoning home to somebody who is probably responsible for the loss of all those documents. That's why I believe the scan results are not false positives. It would explain all the suspicious activity.

I'm considering throwing this laptop out because of all the problems I've had with it since the problem surfaced in May. I wonder if it's possible that malware or a virus can exist even if the hard drive is formatted numerous times. Besides doing resets to factory settings I have also manually formatted the drive several times. MB Anti-Rootkit is the only program to show results that might prove malware is buried deep inside my system. Even Norton can't find anything, nor can any other anti-virus programs I have tried.


It is possible for some malware and viruses to survive a Factory Reset, though it's more rare for them to survive a full drive wipe (done properly). If you really are infected, you could have reinfected yourself with an infected device such as a USB Flash Drive. If you need assistance with malware removal, you'll need to start a new thread in the Malware Removal for Windows section, by following the instructions in the thread below.

https://forums.malwarebytes.org/topic/9573-im-infected-what-do-i-do-now/

 


This is an old post and no longer relevant. I had the regular Malwarebytes Anti-Malware premium version then and I still have it now with the new version. My original post was related to the Anti-Rootkit Beta only.
