Jump to content

Recommended Posts

Anti-malware reports an infected file, that requires a reboot to be removed. After reboot, the file (or a new copy of it) is still present and detected on a new scan. The two logs are below, I am not able to copy the infected file.

Malwarebytes' Anti-Malware 1.43

Database version: 3482

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

02/01/2010 8:48:57 PM

mbam-log-2010-01-02 (20-48-43).txt

Scan type: Quick Scan

Objects scanned: 133694

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\vdqnu.sys (Rootkit.Agent) -> No action taken. [27799344B9A891D5F58CB3005D135260]

===

Malwarebytes' Anti-Malware 1.43

Database version: 3482

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

02/01/2010 9:24:12 PM

mbam-log-2010-01-02 (21-24-02).txt

Scan type: Quick Scan

Objects scanned: 133835

Time elapsed: 8 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\vdqnu.sys (Rootkit.Agent) -> No action taken. [27799344B9A891D5F58CB3005D135260]

I was advised to open a support thread here:

http://www.malwarebytes.org/forums/index.php?showtopic=35259

Link to post
Share on other sites

I'm having the same problem. File is

"c:\windows\system32\drivers\wjphwxtd.sys (Rootkit.Agent) -> Delete on reboot."

However, I reboot and do another quick scan, and file is still there and I'm given the same instructions (reboot).

Just updated malwarebytes this morning.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.