Potential FPs from a log


DragonMaster Jay

Had a user recently who had potential false positives. Please analyze the log. Thanks.

Thread: http://www.geekpolice.net/virus-spyware-ma...5511.htm#100693

Malwarebytes' Anti-Malware 1.41

Database version: 3143

Windows 5.1.2600 Service Pack 3

11/11/2009 4:51:15 AM

mbam-log-2009-11-11 (04-51-15).txt

Scan type: Full Scan (C:\|)

Objects scanned: 205307

Time elapsed: 2 hour(s), 33 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\commyFix\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\commyFix11601c\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0007465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0012818.ocx (Adware.Gdown) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.


C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.

Already fixed

The others, I may need the files to know for sure.
