One of our employees' computers received a virus notification about a Downloader that was reportedly "cleaned by deletion" by the Symantec AV product we use. I cleared out all cache and temporary files, then re-ran a scan to confirm it was clean.

For good measure I also ran a Malwarebytes scan. It did find some "Rogue.Multiple" items but took no action. Please see attached MBAM log file.

I haven't been able to find anything on the Rogue.Multiple entries in the log file. Can you please review and let me know if this is something new I should do something about or if it's a false positive?

The machine is not exhibiting any odd behavior, which is why I did not include HJT logs. I only need to know if this "Rogue.Multiple" is a false positive or not. If you still require HJT logs, please let me know.




  • Staff


Just check the next entry in HijackThis and click the "Fix checked" button:

O18 - Filter hijack: text/html - {9fc93e77-e01a-4ece-b323-b954a21849c2} - C:\WINDOWS\mark_32.dll

In case it won't go away in HijackThis (as this appears to be a common problem with Protocol registry entries in HijackThis), do the following...

Open Notepad and copy and paste the text in the quote box below into it:

(don't forget to copy and paste REGEDIT4)



Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.


  • Staff


It's a protocol class registered by this malicious file, so the registry fix removes that protocol again in the registry, as this is not a default protocol set in Windows anyway.

You can't break anything with it since the related file is gone - so it's just an orphaned protocol\filter entry in the registry.

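A triage sketch for the O18 entries discussed in this thread, added here as an example and not part of the original posts or of HijackThis: it parses O18 lines from a saved HijackThis log and flags the filter/protocol entries worth a closer look. Apart from the O18 line quoted above, the sample log is constructed, and the `needs_review` rule is an assumption of this example.

```python
import re
from pathlib import PureWindowsPath

# O18 lists pluggable protocol handlers and MIME filters, which Windows keeps
# under HKLM\SOFTWARE\Classes\PROTOCOLS\Handler and ...\PROTOCOLS\Filter.
O18_RE = re.compile(
    r"^O18 - (?P<kind>Protocol hijack|Protocol|Filter hijack|Filter): "
    r"(?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
MISSING_MARKS = ("(file missing)", "(no file)")  # HijackThis "not on disk" notes

def parse_o18(log_text):
    """Return one dict per O18 line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O18_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        path = e["target"]
        e["orphaned"] = any(mark in path for mark in MISSING_MARKS)
        for mark in MISSING_MARKS:
            path = path.replace(mark, "")
        e["path"] = path.strip() or None
        entries.append(e)
    return entries

def needs_review(entry):
    """Triage heuristic (assumption): flag hijacks, orphaned entries, and
    DLLs sitting directly in the Windows directory, as mark_32.dll does."""
    if entry["kind"].endswith("hijack") or entry["orphaned"]:
        return True
    if entry["path"] is None:
        return True
    return PureWindowsPath(entry["path"]).parent.name.lower() == "windows"

# First O18 line is the one from this thread; the rest is constructed sample data.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\bho.dll
O18 - Filter hijack: text/html - {9fc93e77-e01a-4ece-b323-b954a21849c2} - C:\WINDOWS\mark_32.dll
O18 - Protocol: example - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\handler.dll
O18 - Filter: text/xml - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\gone.dll (file missing)
"""

if __name__ == "__main__":
    for entry in parse_o18(SAMPLE_LOG):
        flag = "REVIEW" if needs_review(entry) else "ok"
        print(f"{flag:6} {entry['kind']:13} {entry['name']:10} {entry['clsid']} {entry['path']}")
```
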
