Tigger93 Posted August 8, 2007 ID:7331 Share Posted August 8, 2007 I also got the C:\WINDOWS\system32\drivers\ip6fw.sys (Rootkit.Agent) -> No action taken. FP. Link to post Share on other sites More sharing options...
Hardhead Posted August 8, 2007 ID:7333 Share Posted August 8, 2007 Same here too but that file is Microsoft IPv6 Internet Connection Firewall for Windows NT/2000/XP Driver. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted August 8, 2007 Author Root Admin ID:7334 Share Posted August 8, 2007 Bruce will probably fix it tonight, the FP is because a rootkit uses a file by the name. Link to post Share on other sites More sharing options...
ipl_001 Posted August 9, 2007 ID:7349 Share Posted August 9, 2007 Howdy,- updated from 0.66/119/6094 to 0.66/121/6318- Quick Scan -> 5 min 39 sec for 14,000 objects -> 1 infected object: that ip6fw.sys too Link to post Share on other sites More sharing options...
nosirrah Posted August 9, 2007 ID:7352 Share Posted August 9, 2007 I wonder which is the best way to catch these . We can either whitelist MD5s or have a driver unearth a MD5 for MBAM . I know Marcin , both options stink .mmmm , what about version info check ? Is that doable ? Link to post Share on other sites More sharing options...
Hardhead Posted August 9, 2007 ID:7355 Share Posted August 9, 2007 mmmm , what about version info check ? Is that doable ?Thats a great idea if it will work. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 9, 2007 ID:7361 Share Posted August 9, 2007 I got the F/P C:\WINDOWS\system32\drivers\ip6fw.sys (Rootkit.Agent) Scanned 87276 objects in 28:21. It's getting faster every time. Link to post Share on other sites More sharing options...
nosirrah Posted August 9, 2007 ID:7362 Share Posted August 9, 2007 recheck guys and gals , should be fixed Link to post Share on other sites More sharing options...
JeanInMontana Posted August 9, 2007 ID:7364 Share Posted August 9, 2007 13104 objects scanned in 3:49 nothing found! Link to post Share on other sites More sharing options...
JeanInMontana Posted August 9, 2007 ID:7365 Share Posted August 9, 2007 87368 objects scanned in 23:56 nothing found. Shaved almost 5 minutes of full scan boys! WTG. I'm really not doing anything different on my end since the earlier scan. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted August 9, 2007 Author Root Admin ID:7366 Share Posted August 9, 2007 I'm working on a few larger scale fixes of the scanning code. The new version can be delayed up to a week, but by then it will be nearly ready for release. Link to post Share on other sites More sharing options...
JeanInMontana Posted August 9, 2007 ID:7367 Share Posted August 9, 2007 Fixes? I see nothing wrong. Link to post Share on other sites More sharing options...
ipl_001 Posted August 9, 2007 ID:7370 Share Posted August 9, 2007 Hi Marcin, Jean, hi everyone,I'm working on a few larger scale fixes of the scanning code. The new version can be delayed up to a week, but by then it will be nearly ready for release.Marcin, I don't know exactly what you mean but I trust you... should be great! I'm here to help you test if you need... go ahead!Fixes? I see nothing wrong. Jean, Marcin's fixes might save you 5 additionnal minutes! Link to post Share on other sites More sharing options...
Ruby Posted August 9, 2007 ID:7378 Share Posted August 9, 2007 Hello everybodyScan done on the same machine (Windows XP) with the same amount of files:Malwarebytes' Anti-Malware Version 0.66Database version: 118Objects scanned: 10267340 minutesNothing foundNow scanning has become much faster and the logfile shows up the information about how much files are scanned and which directories habe been scanned. Good work - Thank you. RegardsRuby Link to post Share on other sites More sharing options...
ipl_001 Posted August 9, 2007 ID:7382 Share Posted August 9, 2007 Hi Ruby, Marcin, Bruce, hi everyone,Ruby, don't forget to update before running a scan...- update -> MBAM version 0.66 / DataBase version 122 with 6330 fingerprints- Quick Scan -> 4 min. 44 sec. for 13,832 objects ie 3,108 objects/minute ie 51.8 objects/second - 0 infected file- Full Scan in progress...Marcin, here's a spelling: Scan in progress ("r" missing!) Link to post Share on other sites More sharing options...
lurkingatu2 Posted August 9, 2007 ID:7384 Share Posted August 9, 2007 mbam 0.66 db:122 fp:6330 quick and full scan found nothing all seems ok here thanks Link to post Share on other sites More sharing options...
ipl_001 Posted August 9, 2007 ID:7386 Share Posted August 9, 2007 Hi everyone,- Full Scan -> 46 min. 44 sec. for 71952 objects scanned ie 1,549 objects/min or 25.82 objects/sec -> 14 files infected!Malwarebytes' Anti-Malware Version 0.66Database version: 122This logfile was saved before the removal process.Scan type: Full Scan (C:\|)Objects scanned: 71954Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 14- the 14 infected files are known (volontary infectious files)- I notice the difference in objects scanned, displayed: 71,952, reported: 71,954 unless I made a mistake! Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted August 9, 2007 Author Root Admin ID:7396 Share Posted August 9, 2007 Objects scanned includes amount of fingerprints in database (other than hashes). For example any files we check against. This will always be different per fingerprint.As for fixes. There is a large language bug that doesn't load the language properly. Another bug is the database does not load on any Chinese/Japanese/Possibly Russian and other Multi-Byte (Unicode) systems. I am fixing this as we speak.. but it is looking rather hard. Link to post Share on other sites More sharing options...
ipl_001 Posted August 9, 2007 ID:7402 Share Posted August 9, 2007 Marcin,Thanks for your explanations!I am fixing this as we speak.. but it is looking rather hard.Good luck... I have confidence in you! Link to post Share on other sites More sharing options...
Recommended Posts