zoomster Posted February 26, 2008 ID:13808 Share Posted February 26, 2008 I run scans with ESET, SAS, ThreatFire and Malwarebytes.....Today I ran ESET, Threatfire and SAS and they came up with clean reports.At the same time, I run Malwarebytes, it comes up with the following infection reports:Files Infected:C:\WINDOWS\9129837.exe (Rootkit.Agent) -> Quarantined and deleted successfully.Files Infected:C:\lich.exe (Rootkit.Agent) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\Temp\winlogon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.C:\Documents and Settings\Application Data\Microsoft\Windows\oohsbn.exe (Trojan.Agent) -> Quarantined and deleted successfullyThese infection reports came up each time I ran Malwarebytes....in the space of 1 hour...that is 4 reports, 4 different types of infections.Are they for real? I use the resident full version of malwarebytes. The three other programs can find nothing.Can someone please help?Thanks in anticipation Link to post Share on other sites More sharing options...
Staff nosirrah Posted February 26, 2008 Staff ID:13826 Share Posted February 26, 2008 All of that looks like malware .I added a lot defs recently that were installed at those locations Can you please update , scan and post a fresh log . Link to post Share on other sites More sharing options...
zoomster Posted February 26, 2008 Author ID:13854 Share Posted February 26, 2008 I run scans with ESET, SAS, ThreatFire and Malwarebytes.....Today I ran ESET, Threatfire and SAS and they came up with clean reports.At the same time, I run Malwarebytes, it comes up with the following infection reports:Files Infected:C:\WINDOWS\9129837.exe (Rootkit.Agent) -> Quarantined and deleted successfully.Files Infected:C:\lich.exe (Rootkit.Agent) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\Temp\winlogon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.C:\Documents and Settings\Application Data\Microsoft\Windows\oohsbn.exe (Trojan.Agent) -> Quarantined and deleted successfullyThese infection reports came up each time I ran Malwarebytes....in the space of 1 hour...that is 4 reports, 4 different types of infections.Are they for real? I use the resident full version of malwarebytes. The three other programs can find nothing.Can someone please help?Thanks in anticipationHere is today's scan with the latest Malwarebytes.....I do not use this computer for surfing.ThanksMalwarebytes' Anti-Malware 1.05Database version: 410Scan type: Quick ScanObjects scanned: 29768Time elapsed: 4 minute(s), 25 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 4Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\krag.exe (Worm.Dorcrag) -> Quarantined and deleted successfully.C:\WINDOWS\system32\firefoxV2.exe (Worm.Rbot) -> Quarantined and deleted successfully.C:\WINDOWS\system32\CcEvtSvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\Documents and Settings\NetworkService\Local Settings\Application Data\cftmon.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted February 26, 2008 Root Admin ID:13855 Share Posted February 26, 2008 Do you use Comodo Firewall by any chance? Link to post Share on other sites More sharing options...
zoomster Posted February 26, 2008 Author ID:13862 Share Posted February 26, 2008 Do you use Comodo Firewall by any chance?Hi RD,I use ESET Security Suite.Best Regards Link to post Share on other sites More sharing options...
zoomster Posted February 26, 2008 Author ID:13863 Share Posted February 26, 2008 Hi RD,I use ESET Security Suite.Best RegardsHowever, I used to have Comodo.....which, I uninstalled 2 months ago Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted February 27, 2008 Root Admin ID:13875 Share Posted February 27, 2008 zoomster, this is a known bug with Malwarebytes' Anti-Malware. It is suggested you go to the Settings tab and uncheck "Extra and heuristics scan" for the time being. The bug will be fixed this weekend. Link to post Share on other sites More sharing options...
zoomster Posted February 27, 2008 Author ID:13879 Share Posted February 27, 2008 zoomster, this is a known bug with Malwarebytes' Anti-Malware. It is suggested you go to the Settings tab and uncheck "Extra and heuristics scan" for the time being. The bug will be fixed this weekend.thx RDwill try again with your suggestionsbest regards Link to post Share on other sites More sharing options...
zoomster Posted February 27, 2008 Author ID:13883 Share Posted February 27, 2008 thx RDwill try again with your suggestionsbest regardsdid two more scans....no infections this time...thx Link to post Share on other sites More sharing options...
JeanInMontana Posted February 28, 2008 ID:14005 Share Posted February 28, 2008 Since this topic has been resolved it will now be closed.. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts