Pilate

TrojanDisabledAVSecurityCerts


Hello!

I have another question. How can I distinguish the MBAR driver from other Malwarebytes drivers?


Is it possible to export the MBAM ignore list before uninstalling the program?

11 hours ago, Pilate said:

Hello!

I have another question. How can I distinguish the MBAR driver from other Malwarebytes drivers?

You can do a right-click on the file and select Properties and see whether it shows Malwarebytes.

The drivers from MBAR have numbers before the .SYS and they are in windows\system32

Sorry, but I do not believe that there is an "export" function of the "ignore list".

Question: Is there some / any infection-related issue at this point? Are we ready to wrap this up?


1. I installed MB3 and performed a full scan. The following items were detected:

PUM.DisabledSecurityCenter (3 items) - excluded

PUM.DisableMRT (1 item) - excluded

PUP.Optional.Mail.Ru - removed

I noticed that the rootkit scan option is disabled by default. Should I enable it?

2. I don't think that my machines were infected. IMHO those disallowed certificates were a FP of Malwarebytes software.


If you would send a copy of the last Scan run it would be very much appreciated.

In Malwarebytes.
Click the Reports button (on the left)
Look for the "Scan Report" that has the most recent Date and time.

When located, click the check box for it and click on View Report.
Then click the Export button at the bottom left.
Then select Text File (*.txt)

Put in a name for that file and remember where the file is created.

Then attach that file with your reply. Thank you.

The rootkit scan is off by default & is normally not needed.

To your last point, we can now put to rest the certs issue.

6 minutes ago, Maurice Naggar said:

If you would send a copy of the last Scan run it would be very much appreciated.

I attached the file.

MB3_Report.txt


Thank you for the report.

If your email account is 'not' with mail.ru, then you should have the line item removed for the PUP.Optional.MailRu:

PUP.Optional.MailRu, C:\DOCUMENTS AND SETTINGS\MATIAS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\Default\Web Data, Проигнорировано пользователем, [259], [454830],1.0.15908

3 minutes ago, Maurice Naggar said:

If your email account is 'not' with mail.ru, then you should have the line item removed for the PUP.Optional.MailRu

I already removed Mail.Ru Search Plugin for Google Chrome. I prefer to use DuckDuckGo.


If you feel the need for another scan-check on this XP machine, you can do one with Dr.Web CureIt.

Otherwise, if not, we can proceed to wrap up this case.

Download Dr.Web CureIt to the desktop.
The download is nearly 104.6 MB in size. Be real sure to first SAVE the download.

Double-click on the download file first to start the tool. (Dr.Web will randomize the name of the file when you download it.)

⦁    You will see a screen similar to this:

(screenshot: drweb-1.jpg)

Click the checkbox to participate, and then click on the Continue button.

⦁    Next

(screenshot: drweb-2.jpg)

Click on Select objects for scanning

⦁    Next

(screenshot: drweb-3.jpg)

Put a checkmark by clicking on all the boxes EXCEPT for

"Temporary files"

"System restore points"

Do not select Temporary files or System Restore points.

Then click on the Start scanning button

⦁    The scan in progress will be shown like this

(screenshot: drweb-4.jpg)

⦁    IF something is detected, you will see a screen similar to this

(screenshot)

For each item "detected", click on the Action column down arrow, like this

(screenshot)

Your options will be Cure or Ignore

IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
Typically, you will keep the Cure default.

Then click on the Neutralize button.

⦁    When the actions are completed, you will see this

(screenshot)

⦁    Click on the green Open Report line. It will pop up the report in NOTEPAD.
Save the report to your desktop. The report will be called Cureit.log
⦁    Close Dr.Web Cureit.
⦁    Reboot your computer to allow files that were in use to be moved/deleted during reboot.
⦁    After reboot, attach the log Cureit.log you saved previously in your next reply.

Have patience in all this.

Edited by Maurice Naggar


I scanned this PC with Cureit 2 days ago. The scanner didn't find any threats. I regularly scan this machine with Cureit.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


Backup is your best friend. Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection".

I wish you all the best. Stay safe.

This topic is now closed to further replies.
