Root Admin RubbeR DuckY Posted December 26, 2007 Root Admin ID:11247 Share Posted December 26, 2007 Version 0.84 Beta (December 26th, 2007)1. (FIXED) Problem with hangups during Full Scan.2. (FIXED) Terminate Internet Explorer now disabled by default.3. (FIXED) Minor registry scan optimizations.4. (FIXED) Minor bugs that could cause potential errors.5. (FIXED) Moved false positive reporting to results form.If you have 0.83 installed, simply use the built in updater.If you have 0.82 or lower installed, you need to install this version from scratch. Link to post Share on other sites More sharing options...
nerrad Posted December 26, 2007 ID:11249 Share Posted December 26, 2007 Update from 0.83 --> 0.84 was flawless using internal updater.Nothing out of the ordinary to report during scans. Link to post Share on other sites More sharing options...
njustice Posted December 27, 2007 ID:11250 Share Posted December 27, 2007 Same here with no problems updating thru the internal updater. Scan time was faster than the previous version if memory serves me.Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Quick ScanObjects scanned: 16199Time elapsed: 2 minute(s), 18 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
sho-dan Posted December 27, 2007 ID:11251 Share Posted December 27, 2007 Job well done Marcin! B) All updates/installs were completed, no problems to report. All is well. Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Quick ScanObjects scanned: 15272Time elapsed: 2 minute(s), 16 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0-----------------------------------------------------Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 54692Time elapsed: 18 minute(s), 20 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Intel 2.00ghz-1gb mem.- XP Home Link to post Share on other sites More sharing options...
mrgigabyte Posted December 27, 2007 ID:11252 Share Posted December 27, 2007 hi everyone hope everyones holiday is going great, ok now for this new version, i uninstall 82 and installed 84everything is going great i dont see any problems what so ever. ran a short scan took about 4 mins and was clean.also maybe i did not notice before but i like this new shortcut to view the logsMalwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Quick ScanObjects scanned: 17374Time elapsed: 4 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) have a great night everyone mrgigabyte B) Link to post Share on other sites More sharing options...
Tigger93 Posted December 27, 2007 ID:11253 Share Posted December 27, 2007 Scan time got better by about 15 seconds. All working well, though it did freeze up on a memory object for about 4 or 5 seconds right before it started scanning the registry. Link to post Share on other sites More sharing options...
ipl_001 Posted December 27, 2007 ID:11254 Share Posted December 27, 2007 Hi Marcin, hi everyone,No problem to upgrade!Malwarebytes' Anti-Malware Version 0.84Version de la base de donn Link to post Share on other sites More sharing options...
lurkingatu2 Posted December 27, 2007 ID:11255 Share Posted December 27, 2007 hello updated mbam 0.83 to 0.84 from with in the program with no problemsnow the full scan works fine here Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 37413Time elapsed: 8 minute(s), 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) thanks B) Link to post Share on other sites More sharing options...
ipl_001 Posted December 27, 2007 ID:11257 Share Posted December 27, 2007 Howdy,Malwarebytes' Anti-Malware Version 0.84Version de la base de donn Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted December 27, 2007 Author Root Admin ID:11260 Share Posted December 27, 2007 G Link to post Share on other sites More sharing options...
fredvries Posted December 27, 2007 ID:11263 Share Posted December 27, 2007 Update from 0.83 to 0.84 using the internal updater gave no problems.Scan: no problemsMalwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\|D:\| )Objects scanned: 77151Time elapsed: 31 minute(s), 38 second(s) Link to post Share on other sites More sharing options...
2Ton Posted December 27, 2007 ID:11268 Share Posted December 27, 2007 1.Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Quick ScanObjects scanned: 17652Time elapsed: 2 minute(s), 26 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 02.Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 63517Time elapsed: 14 minute(s), 30 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 03. The update went well using the internal updater. Everything is working well, there are no problems to report. Link to post Share on other sites More sharing options...
sho-dan Posted December 27, 2007 ID:11269 Share Posted December 27, 2007 Hello everyoneThese scan logs were generated by my AMD3000-1.5gb mem.-XP pro, test/backup box. Internal updater download/install no problems to speak of, wery wery fast. B) Malwarebytes' Anti-Malware Version 0.83Database version: 236Scan type: Quick ScanObjects scanned:14935Time elapsed: 1 minute(s), 36 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0------------------------------------------------Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 41536Time elapsed:8 minute(s), 35 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Link to post Share on other sites More sharing options...
Dakeyras Posted December 27, 2007 ID:11270 Share Posted December 27, 2007 Hi all B).No problems with the update and the application ran smoothly.Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 49581Time elapsed: 12 minute(s), 36 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Dakeyras Posted December 27, 2007 ID:11281 Share Posted December 27, 2007 Hi B).Just tried the lastest version of the application on my VM. Running W2k, SP4, no security software in place. I was surprised how quickly it became infected with malware(A matter of five mintues).Scanned successfully and removed all the infections, very impressive .Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 16123Time elapsed: 4 minute(s), 2 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 30Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 5Files Infected: 4Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\E404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{b7c9058d-0f9c-32c0-83b6-740dfd8a6726} (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{cfafa83c-855b-4e3d-92b9-a587995b675a} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{0979850f-6c3e-4294-b225-b3d3c4a6f2a1} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{1bb2da5f-b78f-44ea-bda1-771cbe1dec68} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{2a4e73c5-ba3c-4391-b7e5-ffe8d3bd6245} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{44a923ca-f430-4f85-9f84-5153ecdb882e} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{4e6e21ec-9d72-4164-8a53-74786a467872} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{631e9e48-b066-43da-92ac-6dadf61b173b} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{65c1361c-e696-4af0-9e21-81910193f352} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{77dce805-c8ce-48aa-a47f-bfa6cc7704b3} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{8d42769f-07d8-494d-aab4-aa1652c541fa} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{a1922071-390c-418d-916d-91209e95d286} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{a1f8cd95-cfb3-43d1-a956-63441cc058c1} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{a63b46ad-96a7-4a2c-bd8f-8cd097e1593a} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{a65f98dd-2360-468c-b76e-b1b84c0d547c} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{ae2aeed0-be1b-4ba2-826e-20d1991081b8} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{d7f73787-6206-4bba-bdc0-7cfa9940dbcb} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{e770f739-2968-4ed9-a63c-dc1938dc82a2} (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusProtect 3.9.exe 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\virusprotect 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\VirusProtect 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VirusProtect 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.C:\Program Files\VirusProtect 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.C:\Program Files\VirusProtect 3.9\Logs (Rogue.VirusProtect) -> Quarantined and deleted successfully.C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.C:\Documents and Settings\VM w2k\Start Menu\Programs\VirusProtect 3.9 (Rogue.VirusProtect) -> Quarantined and deleted successfully.Files Infected:C:\Documents and Settings\VM w2k\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusProtect 3.9.lnk (Rogue.VirusProtect) -> Quarantined and deleted successfully.C:\Documents and Settings\VM w2k\Desktop\VirusProtect 3.9.lnk (Rogue.VirusProtect) -> Quarantined and deleted successfully.C:\Documents and Settings\VM w2k\Start Menu\VirusProtect 3.9.lnk (Rogue.VirusProtect) -> Quarantined and deleted successfully.C:\Documents and Settings\VM w2k\Local Settings\Temp\laf4.exe (Trojan.Zlob) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted December 27, 2007 Author Root Admin ID:11287 Share Posted December 27, 2007 Notice how these items.Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.Were probably not removed. This is a known bug and is already fixed in the next build. Link to post Share on other sites More sharing options...
Dakeyras Posted December 27, 2007 ID:11288 Share Posted December 27, 2007 Hi RubbeR DuckY B), thank you for replying.I had not noticed that, so restarted the VM and found what you mentioned:So from what you posted the next build update will remove that notification if I understand correctly. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted December 27, 2007 Author Root Admin ID:11289 Share Posted December 27, 2007 No, the notification is the rest of the infection, which MBAM either did not remove or did not detect it. Post the entry from HJT, it should be an O22. Link to post Share on other sites More sharing options...
Dakeyras Posted December 27, 2007 ID:11290 Share Posted December 27, 2007 Hi B), thank you for replying.The notification is in the taskbar next to the language selection, which I first thought was a windows update type.No indication of a 022 entry, here is the HJT log: (Hope you do not think I am being a pain, I'm a complete novice re anti-malware and understanding the foilbles, even tho been testing your software since september gone)Logfile of HijackThis v1.99.1Scan saved at 23:43:22, on 27/12/2007Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\internat.exeC:\WINNT\system32\wuauclt.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocxO4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logonO4 - HKCU\..\Run: [internat.exe] internat.exeO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htmO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198335403360O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198344182867O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe Link to post Share on other sites More sharing options...
joe53 Posted December 28, 2007 ID:11291 Share Posted December 28, 2007 Version 0.84 installed and ran cleanly, but heuristics is still detecting numerous 0 byte files. I quarantine/delete, and others with different names are created/detected during subsequent scans. Latest scans:Malwarebytes' Anti-Malware Version 0.84Database version: 236________________________Scan type: Quick ScanObjects scanned: 16216Time elapsed: 2 minute(s), 2 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0_______________________Scan type: Full Scan (C:\| )Objects scanned: 73306Time elapsed: 17 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 4Files Infected:C:\WINDOWS\system32\drivers\fcflal25.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\kdshc.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\svq51.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\rhp37.sys (Rootkit.Agent) -> Quarantined and deleted successfully._________________________________________________________________________________The properties of these 4 files detected show they were all created at the exact same time as the log of the previous Quick scan, if that helps.The problem is intermittent- sometimes several scans in a row detect nothing.XP MCE 2005NOD32 v2.7Comodo Firewall Pro 3.0Comodo BOClean 4.25Windows Defender WinPatrol Plus Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted December 28, 2007 Author Root Admin ID:11292 Share Posted December 28, 2007 What the heck, I thought I fixed these multiple times now. I even added clean up code to ensure this wouldn't happen. I will rewrite the code a 999th time. Link to post Share on other sites More sharing options...
joe53 Posted December 28, 2007 ID:11293 Share Posted December 28, 2007 Sorry about that, Marcin. I seem to be the only one affected, and can't help but wonder if it's a conflict with one of my many other on-demand defensive apps, on-line scanners, etc.I can say that this PC has remained uninfected, AFAIK, since I purchased it, and I do try to maintain a pretty lean start-up list. Link to post Share on other sites More sharing options...
Walker Posted December 28, 2007 ID:11311 Share Posted December 28, 2007 Hi,Updated with te built in updater and had no problems.Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Quick ScanObjects scanned: 15810Time elapsed: 2 minute(s), 19 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Malwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 92148Time elapsed: 30 minute(s), 36 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Link to post Share on other sites More sharing options...
gerardwil Posted December 29, 2007 ID:11316 Share Posted December 29, 2007 No issues GerardMalwarebytes' Anti-Malware Version 0.84Database version: 236Scan type: Full Scan (C:\| )Objects scanned: 67743Time elapsed: 14 minute(s), 49 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Recommended Posts