Jump to content

Recommended Posts

Hi guys, I need your help! :)

MBAM is finding a combination of the following stuff on my laptop: Trojan.Agent/Backdoor.Bot/Trojan.Zlob/Worm.AutoRun/Rogue.Trace/Trojan.Xanib

It asks for a reboot to complete removal, but another scan after is still showing the same files. I installed AntiVir, updated it and ran a full scan (all files) but that is not find anything. I then disabled the AntiVir guard and ran ComboFix and have attached the log below, along with the MBAM and HijackThis logs:

-------------------------------------

Malwarebytes' Anti-Malware 1.39

Database version: 2463

Windows 6.0.6002 Service Pack 2

19/07/2009 18:52:19

mbam-log-2009-07-19 (18-52-19).txt

Scan type: Full Scan (C:\|D:\|S:\|T:\|)

Objects scanned: 184343

Time elapsed: 26 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Public\Documents\My Music\foronandand.exe (Trojan.Agent) -> Delete on reboot.

C:\Users\Public\Documents\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.

C:\Users\Public\Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.

C:\Users\Public\Documents\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Public\Documents\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.

C:\Users\Public\Documents\My Music\My Music.exe (Worm.AutoRun) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\My Pictures.exe (Worm.AutoRun) -> Delete on reboot.

C:\Users\Public\Documents\My Music\inout.exe (Trojan.Agent) -> Delete on reboot.

C:\Users\All Users\Documents\qyrupelin.sys (Rogue.Trace) -> Delete on reboot.

C:\Users\All Users\Documents\gosub._sy (Rogue.Trace) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> Delete on reboot.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> Delete on reboot.

-------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:54:40, on 19/07/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\sony\ISB Utility\ISBMgr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - Global Startup: Bluetooth Manager.lnk = ?

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 6298 bytes

-------------------------------------

ComboFix 09-07-19.01 - Stu 19/07/2009 18:58.2.2 - NTFSx86

Microsoft

Link to post
Share on other sites

Okay.. now things are getting a bit stranger. ;) and I'm still having trouble removing these items.

Last night I ran MBAM in NORMAL Windows mode. It detected the same 17 items. I then closed MBAM without removing any of the items or telling it to do it on reboot. I then rebooted and went into Windows in SAFE mode and ran another MBAM scan. Guess what? No items found! ;) I then rescanned in NORMAL mode and they are there again!

I also tried to find the files it is supposedly detecting, but I can not see any of them or even find some of the locations. They simply do not exist, even with Hidden files/system files set visible ;)

I'm a bit lost with what to try next. ;) What could be causing MBAM to find files in NORMAL mode but not in SAFE mode? Is it a FP? As the files do not appear to exist in the first place.

Also, when I do choose to remove selected and to reboot to do so, the files never appear in the MBAM quarantine when I next boot up, as if it either does not do anything or can't actually find them when it tries to?

Both MBAM logs are attached below:

-------- NORMAL mode scan --------

Malwarebytes' Anti-Malware 1.39

Database version: 2475

Windows 6.0.6002 Service Pack 2

21/07/2009 23:42:33

mbam-log-2009-07-21 (23-42-28).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 187372

Time elapsed: 29 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Public\Documents\My Music\foronandand.exe (Trojan.Agent) -> No action taken.

C:\Users\Public\Documents\My Music\New Song.lagu (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Music\Video.vidz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Documents\My Music\My Music.exe (Worm.AutoRun) -> No action taken.

C:\Users\Public\Documents\My Pictures\My Pictures.exe (Worm.AutoRun) -> No action taken.

C:\Users\Public\Documents\My Music\inout.exe (Trojan.Agent) -> No action taken.

C:\Users\All Users\Documents\qyrupelin.sys (Rogue.Trace) -> No action taken.

C:\Users\All Users\Documents\gosub._sy (Rogue.Trace) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> No action taken.

-------- SAFE mode scan --------

Malwarebytes' Anti-Malware 1.39

Database version: 2475

Windows 6.0.6002 Service Pack 2

22/07/2009 00:10:56

mbam-log-2009-07-22 (00-10-56).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 184577

Time elapsed: 20 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hey DoMaGe, thanks for the reply and for finding the previous post! ;)

I'm using a Sony Vaio laptop and this is the first time I've had this problem with MBAM finding this stuff. I was going to look back to when it first started detecting them, but I have had the logging option turned off in the past and only just turned it back on! Doh! ;) I run MBAM pretty much daily, if not every other day so I should really know when I had problems but I'm not certain. I think it is since updating MBAM to v1.39 (or an updated rules/defs since then) that it has started coming up, but not 100% about it. :angry:

I had a look at my user accounts (I'm on Vista) and my Guest account is still disabled, so I'm okay there!

Have you tried scanning in Safe Mode too? Anything come up there?

I will have a look if I installed any new programs recently, but I am pretty sure I haven't. The only other possible related thing I am getting is IE8 coming up with the 'restore previous session' and telling me my browser had closed unexpectedly last time I used it when it hadn't! This usually happens after a fresh startup the first time I run IE8. Not everytime though.

I might try disabling some startup items and see if that has any effect on the scanning results too!

Any help from an MBAM mod would be gratefully received too as I can't think of much else to try? ;);)

Link to post
Share on other sites

  • Staff

Hi stualoo.

This is not a malware issue.

this is an issue with how Malwarebytes scans certain folders in Vista.

Would you be willing to assist us in running some diagnostices so that we may be better able to tweak our software?

Lets us know.

I'm going to move this to the 'General' Malwarebytes forum.

Link to post
Share on other sites

Hi Stualoo, I have been having the same 17 files turn up infected and not being deleted when MBAM told me I needed to restart. I previously thought Daemon Tools Lite had infected me as when I uninstalled this and ran the scan again they didn't show up. Just now I ran another scan and they popped back up. Needless to say I was getting a bit worried.

TeMerc I would love to help out as well if I could. :D

Link to post
Share on other sites

Sorry, I had meant to send you a PM. The info posted was deemed incorrect.

Way to uphold the integrity of the forums. Delete instead of clarify :D .

My scan results are the same as Stualoo's. I have the same problem. That is the summary of what I posted.

Link to post
Share on other sites

  • Staff
Way to uphold the integrity of the forums. Delete instead of clarify :D .

My scan results are the same as Stualoo's. I have the same problem. That is the summary of what I posted.

Sorry, that was a few days ago and I don't recall exactly the issue, it was reported by one of our other mods.
Link to post
Share on other sites

  • Staff

Thanks guys, I've alerted the developers to this thread and hopefully they'll drop in with some specific instructions.

Here is one thing though, please run chkdsk and assure you have SP2 installed. This may be a disk reading issue of sorts on a very few number of machine

Link to post
Share on other sites

Thanks guys, I've alerted the developers to this thread and hopefully they'll drop in with some specific instructions.

Here is one thing though, please run chkdsk and assure you have SP2 installed. This may be a disk reading issue of sorts on a very few number of machine

Thanks Tom :D

I have Vista SP2 already and I did try a chkdsk as I thought it might be something along those lines too. I've had MBAM installed for a long long time on this machine (laptop) and never had it pick this stuff up. It will sure be interesting to discover what is causing it! Disabling most of my startup items had no effect on the scan results. I'll try another chkdsk in the meantime and have a play around and see if I can discover anything else :):)

Link to post
Share on other sites

  • Staff

@ nuzzi & stualoo: I'm sending one of the developers your contact info and he's going to send you some tools to debug this issue some for us. Keep an eye out for that.

It may involve some above average pc knowledge tho.

Link to post
Share on other sites

  • 2 weeks later...
@ nuzzi & stualoo: I'm sending one of the developers your contact info and he's going to send you some tools to debug this issue some for us. Keep an eye out for that.

It may involve some above average pc knowledge tho.

Hi,

I'm having the same 'problem' MBAM reports:

Files Infected:

C:\Users\Public\Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Pictures\My Pictures.exe (Worm.AutoRun) -> No action taken.

C:\Users\Public\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

as others already stated also in my case these files do not seem to exist (they point to locations on d:\... which is apparently nonsense).

Has there been any success in solving the issue? Has the developer been able to find out anything useful with the tools mentioned?

Regards

Link to post
Share on other sites

Hi,

I'm having the same 'problem' MBAM reports:

Files Infected:

C:\Users\Public\Documents\My Pictures\aweks.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Pictures\My Pictures.exe (Worm.AutoRun) -> No action taken.

C:\Users\Public\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> No action taken.

C:\Users\Public\Documents\My Pictures\seram.pikz (Backdoor.Bot) -> No action taken.

C:\Users\Public\Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.

as others already stated also in my case these files do not seem to exist (they point to locations on d:\... which is apparently nonsense).

Has there been any success in solving the issue? Has the developer been able to find out anything useful with the tools mentioned?

Regards

Just a follow-up anout the locations ... dir /ah reveals ... :

Directory of C:\Users\Public\Documents

29/06/2009 10:05 280 desktop.ini

02/11/2006 15:02 <JUNCTION> My Pictures [d:\Users\Public\Pictures]

02/11/2006 15:02 <JUNCTION> My Videos [d:\Users\Public\Videos]

cd "My Pictures" gets a 'The device is not ready.' which would be ok because it really is not (d:\ would be the dvd drive on a laptop and there is none inserted ...)

Link to post
Share on other sites

There is active work on this going on and we're hopeful to have a solution soon. For now, just add those to ignore lists.

But do you know if these are false alarms or serious threats? If these are real threats then there's no time to waste and just add them to the ignore list while they produce harm.

Please share your knowledge otherwise anyone is best advised to start with a clean system.

Link to post
Share on other sites

  • Staff

Hi,

These are no threats, but a read error for the Users\Public folder on some Vista Systems. Because of that, malwarebytes sees files which aren't present there. Other scanners may give similar results (depends how detection is).

We are still trying to figure out what is causing this read error, so extra info may help to pinpoint this.

For everyone having this detection, please Rebuild the indexing in Vista.

See here how to do this: http://www.wikihow.com/Rebuild-Windows-Vista-Search-Index

Then rescan again and let me know if detection still shows.

Also, I want to know how Public sharing is set here. If it's enabled/disabled etc etc... and if it's passwordprotected if enabled.

http://www.vistax64.com/tutorials/126289-p...g-turn-off.html

This because this may cause this read error as well if folders are locked.

Link to post
Share on other sites

Hi,

These are no threats, but a read error for the Users\Public folder on some Vista Systems. Because of that, malwarebytes sees files which aren't present there. Other scanners may give similar results (depends how detection is).

We are still trying to figure out what is causing this read error, so extra info may help to pinpoint this.

For everyone having this detection, please Rebuild the indexing in Vista.

See here how to do this: http://www.wikihow.com/Rebuild-Windows-Vista-Search-Index

Then rescan again and let me know if detection still shows.

Also, I want to know how Public sharing is set here. If it's enabled/disabled etc etc... and if it's passwordprotected if enabled.

http://www.vistax64.com/tutorials/126289-p...g-turn-off.html

This because this may cause this read error as well if folders are locked.

Hi,

For my part I had it turned OFF (referring to the indexer and the service itself), reading about this issue I turned it on to give the possible solution a try(*), rebuilding the index etc. but that didn't make any difference. Anyhow, these files still show up. Public folder sharing I have turned on with password protection.

(*) Oh of course I have to say that I resisted to turn this indexing 'feature' on ... ;) what a big piece of uselessness ...

Indexed locations are Internet Explorer History, Start Menu and Users.

Link to post
Share on other sites

  • Staff

No, not yet. This is a bug that we cannot reproduce...yet. As a matter of fact, it's not really a bug in mbam though - it's something in your Vista (special setting, certain software, whatever) that causes a read issue for those folders. And because of that, certain definitions cannot be read properly when scanning that folder and that's why mbam sees files in there which aren't there.

Link to post
Share on other sites

No, not yet. This is a bug that we cannot reproduce...yet. As a matter of fact, it's not really a bug in mbam though - it's something in your Vista (special setting, certain software, whatever) that causes a read issue for those folders. And because of that, certain definitions cannot be read properly when scanning that folder and that's why mbam sees files in there which aren't there.

Thanks for your comment. Hopefully this can get resolved ...

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.