
Threats that I can't locate



Whether I performed a quick or full scan, Malwarebytes Pro detects these threats. When going to the address, I can't locate the malicious files. If I remove it, it requires a restart, but when I make another scan it's still there. Even my KIS can't detect these threats.

Here is the log from malwarebytes.

Malwarebytes' Anti-Malware 1.44

Database version: 3886

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/20/2010 7:41:08 PM

mbam-log-2010-03-20 (19-41-08).txt

Scan type: Quick Scan

Objects scanned: 119136

Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 15

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Acer\Downloads\AdobeFlashPlayerHD.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Users\Acer\downloads\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\Services.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\smss.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\Userinit.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.

C:\Users\Acer\downloads\Winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
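A way to triage a log like the one above before searching the disk, as an added example that is not part of the original posts: it parses the "Files Infected" entries, cross-checks them against the declared count, and separates entries that cannot be literal file names (a `*` is not a legal character in a Windows file name) from entries that reuse a Windows process name outside System32. The sample log is constructed from three lines of the post; the `SYSTEM_NAMES` set and the triage labels are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: three "Files Infected" lines copied from the log above.
SAMPLE_LOG = r"""Files Infected: 3

Files Infected:

C:\Users\Acer\Downloads\AdobeFlashPlayerHD.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Acer\downloads\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
C:\Users\Acer\downloads\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
"""

ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
SUMMARY = re.compile(r"^Files Infected: (\d+)$")
# Assumption: a short, non-exhaustive set of process names that live in System32.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "svchost.exe", "smss.exe",
                "services.exe", "winlogon.exe", "spoolsv.exe"}
ILLEGAL = set('*?"<>|')  # characters Windows does not allow in a file name


def parse_mbam_log(text):
    """Return (declared_count, entries) from a Malwarebytes 1.x text log."""
    declared, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SUMMARY.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append(m.groupdict())
    return declared, entries


def triage(entry):
    """Label one detection so the analyst knows what to look for on disk."""
    name = basename(entry["path"])
    if ILLEGAL & set(name):
        return "pattern"  # not a literal file name, so it cannot be browsed to
    in_system32 = dirname(entry["path"]).lower().endswith(r"\windows\system32")
    if name.lower() in SYSTEM_NAMES and not in_system32:
        return "system-name-outside-system32"  # triage hint, not a verdict
    return "literal-file"


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    print("declared:", declared, "parsed:", len(entries))
    for e in entries:
        print(triage(e), e["name"], e["path"])
```

A mismatch between the declared and parsed counts means the log was truncated or a line did not match the expected format, and should be resolved before drawing conclusions from the list.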


Hello :huh:

Please reboot your computer into Safe Mode:

You should either print or save these instructions because in Safe Mode you don't have internet access.

Boot into Safe Mode:

  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with the Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

Then open Malwarebytes' Anti-Malware and perform a Quick Scan to see if these items are still detected. If they are not then please do the following to see if it resolves the problem:

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built-in Windows Firewall, you'll need to exclude them from it as well.

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

The FAQ contains examples of setting file exclusions for some known AV products.

Please let me know how it goes.

Thanks :)

When I scan in Safe Mode it didn't detect it. But I don't know how to exclude the files in my built-in firewall because it accepts only .exe files. And I don't know how to exclude in the KIS firewall.
