RubbeR DuckY

Version 0.66

44 posts in this topic

OK, upgraded mbam within the program from 0.65 to 0.66 (database: 118, fingerprints: 5567), and the first few times I started mbam I got that popup that mbam is already running, and mbam still starts :D I have restarted a few times and have not seen it yet after starting mbam, and I did a quick scan and a full scan and found nothing :D Thanks


Hi Marcin, lurkingatu2, hi everyone,

- upgrade 0.65 /117/5527 ---959 KB---> 0.66/118/5567

- update 0.66/118/5567 -> 0.66/119/6094

- Quick Scan in progress - Objects infected: 34!

Malwarebytes' Anti-Malware Version 0.66

Database version: 119

This logfile was saved before the removal process.

Scan type: Quick Scan

Objects scanned: 13587

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 33

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{000006b1-19b5-414a-849f-2a3c64ae6939} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06dfedaa-6196-11d5-bfc8-00508b4a487d} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{30000273-8230-4dd4-be4f-6889d1e74167} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{669695bc-a811-4a9d-8cdf-ba8c795f261e} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{bb936323-19fa-4521-ba29-eca6a121bc78} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ca1d1b05-9c66-11d5-a009-000103c1e50b} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} (Fake.Dropped.Malware.SpywareSoftStop) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5d60ff48-95be-4956-b4c6-6bb168a70310} (Trojan.KeenValue) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{85a702ba-ea8f-4b83-aa07-07a5186acd7e} (Adware.Delphinmediaviewer) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{c298fb42-e3e2-11d3-adcd-0050dac24e8f} (Trojan.Downloader) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} (Adware.NetOptimizer) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ca0b9b71-c2af-11d3-b376-0800460222f0} (Adware.Iwon) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1678f7e1-c422-11d0-ad7d-00400515caaa} (Spyware.Comet.Cursor) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{d14d6793-9b65-11d3-80b6-00500487bdba} (Spyware.Comet.Cursor) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{fe6bc4ef-5676-484b-88ae-883323913256} (Spyware.Comet.Cursor) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9} (Adware.MediaMotor) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{093f9cf8-0de1-491c-95d5-5ec257bd4ca3} (Adware.EGDAccess) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11f1d260-129e-4eb7-b37e-57e3d97a3df1} (Adware.EGDAccess) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26d73573-f1b3-48c9-a989-e6ce071957a1} (Adware.EGDAccess) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54c75fb0-6b8b-4278-bf7b-77036f15a69e} (Adware.EGDAccess) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{b843da96-2b2d-447e-90ab-b92929aa11af} (Adware.EGDAccess) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{c6760a07-a574-4705-b113-7856315922c3} (Adware.EGDAccess) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{fa83e942-b796-46de-9155-1632ecc5473b} (Adware.EGDAccess) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\VideoCap11.sys (Rootkit.Agent) -> No action taken.

I'm going to see this thoroughly!

NB: Last line is known!


Those ActiveX entries are false positives. Can you delete that videocap11.sys and see if it happens again in subsequent scans.


Marcin,

I deleted the "rootkit" manually then ran the Quick scan which found 33 infected objects:

Malwarebytes' Anti-Malware Version 0.66

Database version: 119

This logfile was saved after the removal process completed.

Scan type: Quick Scan

Objects scanned: 13596

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 33

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

As you could see above, I removed them and I'm running another Quick scan.

~~ edit:

- Quick Scan -> 5 min. 1 sec. for 13596 objects -> 0 infected objects!


Hardhead, LoneWolf,

I hope (for you) they are FP! :D


After looking at hardhead's log I feel a little better that mine are FP's (HH's too)

I have a pretty good security setup but anything's possible.

Hopefully they will all be confirmed to be FP's


I believe they are FP's, due to DB 118 showing no infection in the quick scan, and then after updating to DB 119 and doing a Quick scan, I have 693 infections.

btw, I Q/D and removed them.

After looking at hardhead's log I feel a little better that mine are FP's (HH's too)

I have a pretty good security setup but anything's possible.

Hopefully they will all be confirmed to be FP's

Those ActiveX entries are false positives.

I'm positive that ours are too. :D

Mine is with DB 119.


The ActiveX keys are actually set for protection (by SpywareBlaster, Spybot Search & Destroy) to name a few.


Marcin, Bruce, everyone,

I would like to have more explanations about these keys you say to be FP.

A FP is an item which is legitimate and that the tool detects as malware so a FP must not be removed!

btw, I Q/D and removed them.
sho-dan removed them and so did I for my 33!

Are these keys to be removed or not?

~~

So, I deleted my 33 (they are in the quarantine)!

I had a look at 2 comps in front of me:

- the first one I'm using for my tests (with 33 keys deleted) -> if I count the number of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility, I have lots and lots (28 screen heights lol)

- another one (same system) that never had MBAM -> I have 9 screen heights only

Are you sure MBAM doesn't add keys as a test of creation and that are never deleted?


Thanks Marcin!

I'm going to look into these keys on my different comps and see where they come from (on this 28-screen-heights computer, I test several tools)!

But for now... bed (it's 1:54a here) Enjoy your night!


I had 707 detections, all similar to the ones already reported.

I deleted all 12 of the Trojan.zlob variety, then opened SpywareBlaster- 11 Internet Explorer items had protection disabled. Checked my immunization in Spybot: one was disabled. After re-enabling all protection and re-immunizing, mbam again found 707.

QED.


All is well here too with DB 120 running XP. :D

Malwarebytes' Anti-Malware Version 0.66

Database version: 120

This logfile was saved before the removal process.

Scan type: Quick Scan

Objects scanned: 11830

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

My previous post was running XP too.


Hello

Version 0.66 Database version: 120

I removed/reinstalled, updated and enabled all protection in spywareblaster, all is good.

This is the Quick scan: 0 infections after spywareblaster process.


That was a "fun" glitch. Not having any protection software on my test box, I did not catch this FP.

That was a "fun" glitch. Not having any protection software on my test box, I did not catch this FP.

All is good.

That's why we beta test. :D

That was a "fun" glitch. Not having any protection software on my test box, I did not catch this FP.

Well I didn't get it either. :D I have plenty of protection. However, I did miss two DB updates somehow, from what it was with the build release until now.

Scanned with release of 66 and nothing except the update for Antivir found, so it was the next DB that gave the F/P's??

Scan with DB 120 nothing found.

Well I didn't get it either. :D I have plenty of protection. However, I did miss two DB updates somehow, from what it was with the build release until now.

Scanned with release of 66 and nothing except the update for Antivir found, so it was the next DB that gave the F/P's??

Scan with DB 120 nothing found.

It was Database 118 and 119 that gave the FPs.


Updated mbam 0.66 (database: 121, fingerprints: 6318) and did a full scan and found:

Malwarebytes' Anti-Malware Version 0.66

Database version: 121

This logfile was saved before the removal process.

Scan type: Full Scan (C:\|)

Objects scanned: 29695

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\ip6fw.sys (Rootkit.Agent) -> No action taken.

:D Scanned it at jotti's and found nothing, and I sent it in here also :D

I did the scan offline, then I got online and my Comodo firewall 2.4 goes off, first with:

Date/Time :2007-08-07 23:47:10
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (sched.exe)
Application: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::18350
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\AntiVir PersonalEdition Classic\sched.exe in memory.

:D and then it says:

Date/Time :2007-08-07 23:52:51
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 4.xxx.xxx.xxx::nbdgram(138)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\WINDOWS\system32\svchost.exe in memory.

:( then:

Date/Time :2007-08-07 23:52:51
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 4.xxx.xxx.xxx::1055
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\WINDOWS\system32\svchost.exe in memory.

:) then:

Date/Time :2007-08-07 23:52:51
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 4.xxx.xxx.xxx::upnp-mcast(1900)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\WINDOWS\system32\svchost.exe in memory.

:) then:

Date/Time :2007-08-07 23:53:12
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msncc.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 209.244.0.3::dns(53)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

:) then:

Date/Time :2007-08-07 23:53:13
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msncc.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 65.54.131.245::https(443)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

:) msncc is part of my ISP; I use MSN dialup :)
