A slight inconvenience


Tangerine

A few days ago I scanned my computer. To my surprise MBAM detected 175 threats. I went through the supposed threats and I realised that 170 of those comprised JetClean by blueSprig as PUP. The other 4 were adwarenetfilter, considered very dangerous. And last but not least the infamous broken command thingy, which for some reason I've never bothered to whitelist, no surprise there at all. I opted to whitelist JetClean and quarantine the rest bar my favourite one, broken command. A couple of days later ip2launcher.exe failed to launch (Java update). Anyway I restored the 4 "malware" and now everything is ticketyboo. I scanned my PC with four other products and I can tell I am clean. I even ran FRST; nothing suspicious there. Should you request it I'll be more than glad. Any thoughts?

Thank you kindly


Thank you for your help. I've never had any problems whatsoever as the ones described by the gentleman above. Malware bytes did remove them but as I said I restored them due to i2launcher. Since it is not related I'll scan my PC again, remove them and see what happens. I'll report back to let you know. Then I'll follow your advice and seek assistance in the malware forum.

 

Kind Regards


  • Staff

Thanks. Keep me posted. Really curious as to why you had the issue. Sorry I couldn't help more, but we have some great removal specialists that are more familiar with the infection and if there are any quirks like you experienced.

Wish I could do more, just have never seen any issues removing this before.

 


Thanks for your trouble. By the way I scanned my PC with malware bytes and removed said threats. Restarted and files in question nowhere to be seen. Scanned again and it seems I am clean. Prior to removing detected threats I scanned with Avast, ESET, Avira utility tool, Zemana, and Kaspersky; none of them detected anything at all.

This makes me think that ... Sorry, I do not really know what to think. I'll monitor my PC to see if the removal of those files is causing any problems to my system. You'll be hearing from me in a couple of days.

Once again thank you very much indeed.

 


First of all you are absolutely right regarding ip2launcher.exe.

I removed the two files in question (amdfx and mrxsmb22). This can be easily done using mbam or you may do so manually. These two files never came back into my system. For two days nothing out of the normal was evidenced. Of course two days is not time enough to tell. Then I restored the two files back to my system (Thursday until now, Sunday). No suspicious behaviour of any kind was observed.

amdfx seems to be a storage filter x, from Advanced Microsystems Devices (AMD).

mrxsmb22 seems to be a Netfilter SDK IDI hook driver (WPP) from Netfilter SDK.com, something to do with filtering conflicts, when several local proxies are filtering the same TCP connections in cycle.

Some of the anti-virus scanners at VirusTotal detected those two files as some kind of a threat or PUP: 2% and almost 4% respectively.

Mbam in virus total considers both files clean.

When I scanned just the two files with mbam and Avast both files were deemed clean.

Taking into consideration all of the above I decided to keep those files in my system. I do understand I cannot ask you to consider these files as false positives since as it has been shown there are malware that go by the same name.

Your input will be mostly appreciated. 

In the meantime, thank you so much for your attention and participation.

 

 


  • Staff

These are not false positives. But not all that dangerous either when they are alone. It's used to monitor internet connection and they are almost never installed in a legit manner. Something misuses these files to monitor your internet usage and that data can be misused. This detection is an installed pattern detection. So they have to be in the correct location to trigger a detection. Due to this they won't be detected by us on VirusTotal, 'cause it's a heuristic and VirusTotal has no way of putting them in the correct location to trigger the heuristic.

Hope that sheds some light on the detection.

Edited by shadowwar