ReikiRicardo

HEUR/Strange?Autorun

When I run the quick scan, HEUR/Strange/Autorun shows up as malicious, but it won't quarantine the file.

It only shows up on the quick scan. I've also used avira, spybot and superantispy, but none of them show anything being infected. Is this a false positive?

Thanks

Rick

When I run the quick scan, HEUR/Strange/Autorun shows up as malicious, but it won't quarantine the file.

It only shows up on the quick scan. I've also used avira, spybot and superantispy, but none of them show anything being infected. Is this a false positive?

Thanks

Rick

We need a lot more data.

Please follow these instructions:

http://www.malwarebytes.org/forums/index.php?showtopic=3228


Hi, I typed it in and a window popped up that said, Windows cannot find mbam.exe/developer

I checked several times and I typed it in correctly.


Malwarebytes' Anti-Malware 1.39

Database version: 2461

Windows 5.1.2600 Service Pack 3

7/20/2009 9:09:18 PM

mbam-log-2009-07-20 (21-09-18).txt

Scan type: Quick Scan

Objects scanned: 101902

Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I initially posted from my computer and am now using the computer with the problem. When I typed malwarebytes into the Yahoo browser, it redirected back to Yahoo. It happened twice.


Unless you can show me some sort of data that connects our scan to your original post:

When I run the quick scan, HEUR/Strange/Autorun shows up as malicious, but it won't quarantine the file.

I do not have a starting point.

HEUR/Strange/Autorun <- this is not even in MBAM format. MBAM detections are almost always Type.Vendor like Trojan.Vundo.


Please go ahead and follow the directions posted below and we'll run some scans and see if we can find what's going on.

Scan and post logs - read note at bottom in green

If you're having malware-related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.


Here are the logs from malwarebytes and avira.......

Malwarebytes' Anti-Malware 1.39

Database version: 2461

Windows 5.1.2600 Service Pack 3

7/20/2009 9:09:18 PM

mbam-log-2009-07-20 (21-09-18).txt

Scan type: Quick Scan

Objects scanned: 101902

Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Avira AntiVir Personal

Report file date: Monday, July 20, 2009 21:50

Scanning for 1558668 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : WARREN_BOYS

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/9/2009 20:08:42

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 17:06:08

ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 7/19/2009 22:53:46

ANTIVIR3.VDF : 7.1.5.7 56832 Bytes 7/20/2009 22:53:46

Engineversion : 8.2.0.222

AEVDF.DLL : 8.1.1.1 106868 Bytes 5/23/2009 00:02:44

AESCRIPT.DLL : 8.1.2.18 442746 Bytes 7/17/2009 23:21:28

AESCN.DLL : 8.1.2.3 127347 Bytes 5/23/2009 00:02:42

AERDL.DLL : 8.1.2.4 430452 Bytes 7/15/2009 17:21:55

AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 01:24:57

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 01:48:32

AEHEUR.DLL : 8.1.0.143 1864055 Bytes 7/17/2009 23:21:28

AEHELP.DLL : 8.1.4.5 229748 Bytes 7/15/2009 17:12:29

AEGEN.DLL : 8.1.1.48 348532 Bytes 7/2/2009 20:23:23

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40

AECORE.DLL : 8.1.7.5 180597 Bytes 7/15/2009 17:12:19

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/9/2009 20:08:42

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, July 20, 2009 21:50

Starting search for hidden objects.

'49476' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'hpswp_clipbook.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'notepad.exe' - '1' Module(s) have been scanned

Scan process 'jucheck.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'hphmon06.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'hpqgpc01.exe' - '1' Module(s) have been scanned

Scan process 'hpqbam08.exe' - '1' Module(s) have been scanned

Scan process 'hpqste08.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'ALCMTR.EXE' - '1' Module(s) have been scanned

Scan process 'KBD.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'LSBurnWatcher.exe' - '1' Module(s) have been scanned

Scan process 'InfoMyCa.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'igfxpers.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'WUSB54GS.exe' - '1' Module(s) have been scanned

Scan process 'WLService.exe' - '1' Module(s) have been scanned

Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MDM.EXE' - '1' Module(s) have been scanned

Scan process 'McSACore.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

60 processes with 60 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Master boot sector HD2

[INFO] No virus was found!

Master boot sector HD3

[INFO] No virus was found!

Master boot sector HD4

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '74' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: Monday, July 20, 2009 22:56

Used time: 1:06:58 Hour(s)

The scan has been done completely.

7051 Scanned directories

458664 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

458662 Files not concerned

15755 Archives were scanned

2 Warnings

2 Notes

49476 Objects were scanned with rootkit scan

0 Hidden objects were found

Should I download hijack this and start a new topic?
