RubbeR DuckY (Root Admin), posted August 7, 2007
More logfile options along with stability and speed fixes.

lurkingatu2, posted August 7, 2007
OK, upgraded mbam within the program from 0.65 to 0.66, database:118, fingerprints:5567, and the first few times I started mbam I got that popup that mbam is already running, and mbam still starts. I have restarted a few times and have not seen it yet after starting mbam, and I did a quick scan and a full scan and found nothing. Thanks.

ipl_001, posted August 7, 2007
Hi Marcin, lurkingatu2, hi everyone,
- upgrade 0.65/117/5527 ---959 KB---> 0.66/118/5567
- update 0.66/118/5567 -> 0.66/119/6094
- Quick Scan in progress - Objects infected: 34!

Malwarebytes' Anti-Malware Version 0.66
Database version: 119
This logfile was saved before the removal process.
Scan type: Quick Scan
Objects scanned: 13587
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\VideoCap11.sys (Rootkit.Agent) -> No action taken.

I'm going to see this thoroughly!
NB: Last line is known!

RubbeR DuckY (Root Admin, Author), posted August 7, 2007
Those ActiveX entries are false positives. Can you delete that videocap11.sys and see if it happens again in subsequent scans?

ipl_001, posted August 7, 2007
Marcin,
I deleted the "rootkit" manually then ran the Quick scan which found 33 infected objects:

Malwarebytes' Anti-Malware Version 0.66
Database version: 119
This logfile was saved after the removal process completed.
Scan type: Quick Scan
Objects scanned: 13596
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

As you could see above, I removed them and I'm running another Quick scan.
~~
edit:
- Quick Scan -> 5 min. 1 sec. for 13596 objects -> 0 infected objects!

Hardhead, posted August 7, 2007
710 files here.
log_8.7.2007__182811_.txt
I'm guessing mine are all FPs.

LoneWolf, posted August 7, 2007
769 here.
Hopefully all are FP's.
log_8.7.2007__174359_.txt

ipl_001, posted August 7, 2007
Hardhead, LoneWolf,
I hope (for you) they are FP!

LoneWolf, posted August 7, 2007
After looking at hardhead's log I feel a little better that mine are FP's (HH's too).
I have a pretty good security setup but anything's possible.
Hopefully they will all be confirmed to be FP's.

sho-dan, posted August 7, 2007
I believe they are FP's, due to DB 118 showing no infection in the quick scan and updating to DB 119 and doing a Quick scan. I have 693 infections.
btw, I Q/D and removed them.

Hardhead, posted August 7, 2007
> After looking at hardhead's log I feel a little better that mine are FP's (HH's too).
> I have a pretty good security setup but anything's possible.
> Hopefully they will all be confirmed to be FP's.

> Those ActiveX entries are false positives.

I'm positive that ours are too. Mine is with DB 119.

RubbeR DuckY (Root Admin, Author), posted August 7, 2007
The ActiveX keys are actually set for protection (by SpywareBlaster, Spybot Search & Destroy) to name a few.

ipl_001, posted August 7, 2007
Marcin, Bruce, everyone,
I would like to have more explanations about these keys you say to be FP.
A FP is an item which is legitimate and that the tool detects as malware so a FP must not be removed!

> btw, I Q/D and removed them.

sho-dan removed them and so did I for my 33!
Are these keys to be removed or not?
~~
So, I deleted my 33 (they are in the quarantine)!
I had a look at 2 comps in front of me:
- the first one I'm using for my tests (with 33 keys deleted) -> if I count the number of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility, I have lots and lots (28 screen heights lol)
- another one (same system) that never had MBAM -> I have 9 screen heights only
Are you sure MBAM doesn't add keys as a test of creation and that are never deleted?

RubbeR DuckY (Root Admin, Author), posted August 7, 2007
G

ipl_001, posted August 7, 2007
Thanks Marcin!
I'm going to look into these keys on my different comps and see where they come from (on this 28-screen-heights computer, I test several tools)!
But for now... bed (it's 1:54a here)
Enjoy your night!

joe53, posted August 8, 2007
I had 707 detections, all similar to the ones already reported.
I deleted all 12 of the Trojan.zlob variety, then opened SpywareBlaster - 11 Internet Explorer items had protection disabled. Checked my immunization in Spybot: one was disabled. After re-enabling all protection and re-immunizing, mbam again found 707.
QED.

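An added example, not part of the original thread and not Malwarebytes, SpywareBlaster or Spybot code: one way to triage detections like these is to check whether each flagged ActiveX Compatibility entry carries the kill bit (Compatibility Flags 0x400), which tells Internet Explorer not to load that control. It assumes the protection tools named in the thread write that flag, and it reads a constructed .reg export whose CLSIDs are placeholders.

```python
import re

# Bit in the "Compatibility Flags" DWORD that tells Internet Explorer
# not to load the control with this CLSID (the "kill bit").
KILL_BIT = 0x00000400
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample in .reg export form. The CLSIDs are placeholders,
# not values taken from the logs in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000004}]
"Compatibility Flags"=dword:00800400
'''

SECTION = re.compile(r"^\[(.+)\]\s*$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})\s*$', re.IGNORECASE)


def parse_compat_entries(reg_text):
    """Return {clsid: flags or None} for each direct child of ActiveX Compatibility."""
    prefix = BASE.lower() + "\\"
    entries, current = {}, None
    for line in reg_text.splitlines():
        section = SECTION.match(line)
        if section:
            path = section.group(1).lower()
            rest = path[len(prefix):] if path.startswith(prefix) else ""
            # Only direct {CLSID} children count; any other key resets the state.
            current = rest if rest and "\\" not in rest else None
            if current is not None:
                entries.setdefault(current, None)
            continue
        flags = FLAGS.match(line)
        if flags and current is not None:
            entries[current] = int(flags.group(1), 16)
    return entries


def classify(flags):
    """Describe one entry: kill bit set, flags present without it, or no flags value."""
    if flags is None:
        return "no-flags"
    return "blocked" if flags & KILL_BIT else "not-blocked"


def triage(reg_text, detected_clsids):
    """Map each scanner-reported CLSID to the state of its compatibility entry."""
    entries = parse_compat_entries(reg_text)
    result = {}
    for clsid in detected_clsids:
        key = clsid.lower()
        result[key] = classify(entries[key]) if key in entries else "absent"
    return result


if __name__ == "__main__":
    reported = ["{00000000-0000-0000-0000-00000000000%d}" % n for n in range(1, 6)]
    for clsid, state in triage(SAMPLE_REG, reported).items():
        print(clsid, state)
```

An entry reported as "blocked" is a block-list record for that CLSID, which fits a protective entry rather than an installed control; the other states need a closer look before any removal.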
LoneWolf, posted August 8, 2007
Database 120. All 769 detected objects are not detected anymore.

Hardhead, posted August 8, 2007
All is well here too with DB 120 running XP.

Malwarebytes' Anti-Malware Version 0.66
Database version: 120
This logfile was saved before the removal process.
Scan type: Quick Scan
Objects scanned: 11830
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

My previous post was running XP too.

sho-dan, posted August 8, 2007
Hello
Version 0.66 Database version: 120
I removed/reinstalled, updated and enabled all protection in spywareblaster, all is good.
This is the Quick scan: 0 infections after the spywareblaster process.

nosirrah, posted August 8, 2007
That was a "fun" glitch. Not having any protection software on my test box I did not catch this FP.

Hardhead, posted August 8, 2007
> That was a "fun" glitch. Not having any protection software on my test box I did not catch this FP.

All is good.
That's why we beta test.

JeanInMontana, posted August 8, 2007
> That was a "fun" glitch. Not having any protection software on my test box I did not catch this FP.

Well I didn't get it either. I have plenty of protection. However, I did miss two DB updates somehow, from what it was with the build release until now.
Scanned with release of 66 and nothing except the update for Antivir found, so it was the next DB that gave the F/P's??
Scan with DB 120 nothing found.

Hardhead, posted August 8, 2007
> Well I didn't get it either. I have plenty of protection. However, I did miss two DB updates somehow, from what it was with the build release until now.
> Scanned with release of 66 and nothing except the update for Antivir found, so it was the next DB that gave the F/P's??
> Scan with DB 120 nothing found.

It was Database 118 and 119 that gave the FPs.

lurkingatu2, posted August 8, 2007
Updated mbam 0.66, database:121, fingerprints:6318, and did a full scan and found:

Malwarebytes' Anti-Malware Version 0.66
Database version: 121
This logfile was saved before the removal process.
Scan type: Full Scan (C:\|)
Objects scanned: 29695
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\ip6fw.sys (Rootkit.Agent) -> No action taken.

Scanned it at jotti's and found nothing, and I sent it in here also. I did the scan offline, then I got online and my Comodo firewall 2.4 goes off, first with:

Date/Time :2007-08-07 23:47:10
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (sched.exe)
Application: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::18350
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\AntiVir PersonalEdition Classic\sched.exe in memory.

and then it says:

Date/Time :2007-08-07 23:52:51
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 4.xxx.xxx.xxx::nbdgram(138)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\WINDOWS\system32\svchost.exe in memory.

then:

Date/Time :2007-08-07 23:52:51
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 4.xxx.xxx.xxx::1055
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\WINDOWS\system32\svchost.exe in memory.

then:

Date/Time :2007-08-07 23:52:51
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (svchost.exe)
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 4.xxx.xxx.xxx::upnp-mcast(1900)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\WINDOWS\system32\svchost.exe in memory.

then:

Date/Time :2007-08-07 23:53:12
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msncc.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 209.244.0.3::dns(53)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

then:

Date/Time :2007-08-07 23:53:13
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (msncc.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 65.54.131.245::https(443)
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

msncc is part of my ISP; I use MSN dialup.

nosirrah, posted August 8, 2007
Darn, another minused filename to cause this exact confusion. I want to be able to whitelist these somehow so we can still catch the bad ones.
http://www.google.com/search?hl=en&q=d...G=Google+Search
Google has way more bad than good to say about that file path.