Possible Stealth Intrusion


Greetings,

I have a problem with a possible intrusion. I am running Windows XP with a personal firewall and Malwarebytes. They have been operating just fine, side by side; however, I recently received a strange error message on May 15, 2010 when I turned on my computer and manually did an update for the latest definitions. Instead of the normal updating procedure, I got this error message. Here is the exact error message:

"The latest version of Malwarebytes Anti-Malware has been downloaded. Malwarebytes' Anti-Malware will now close and install the latest version." There were two buttons to click on: "OK" and "Cancel".

Because my computer has been invaded/compromised/hacked before, I decided to check online to be sure that Malwarebytes had in fact issued a new version. I found that the latest version (version 1.46, which was released on April 29, 2010), was already what I was running. In other words, there was no new version released on May 15th, as the error message stated.

So I clicked the red "X" at the top right of the error message and restarted my computer. The same thing happened again when I went to check for updates. I never did click either the OK or the Cancel buttons. (I needed to do some work on my computer on that day and didn't have time to deal with this until today - 5/18/10.) I was eventually able to update the definitions later that day and I haven't seen the error message after those two times. However, I did notice an extra amount of hard-drive processing that was happening on the 15th, after I refused to answer the error message. I could not determine what my computer was so "busy" doing. I know for sure that no scans were being done that day and I checked the task manager but could not determine anything.

Today I decided to uninstall, then reinstall the program, just to be on the safe side. After uninstalling via "Add/Remove Programs" in the control panel, I still found these files on my hard drive:

MBAM.EXE-0BEE0439.pf

MBAMGUI.EXE-1286D638.pf

I know these are pre-fetch files, but after uninstalling Malwarebytes, should these still be on my comp?

Also there were two other files that included "mbam" in the file:

drwtsn32.log (I realize this is a Dr. Watson file, but should it still be on my comp?)

sessionstore.js (I realize this is a script file from Firefox)

HijackPatrol.log - with no path name

log.txt (located in C:\rsit)

hijackthis.log (from a previous intrusion problem, which I could never resolve)

Also, there are all the mbam-log files in the C:\Documents and Settings\Application Data\Malwarebytes' Anti-Malware\Logs location.

I tried to individually delete the remaining Malwarebytes files via "Absolute File Shredder" but got the same error message stating the same reason:

C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf Access is denied.

C:\WINDOWS\Prefetch\MBAMGUI.EXE-1286D63B.pf Access is denied.

Please advise on how to completely remove and re-install the program. Thanks in advance for your help.


  • Staff

Hi,

"I know these are pre-fetch files, but after uninstalling Malwarebytes, should these still be on my comp?"
Like you said, they are Prefetch files and Windows will delete them on its own.

With regards to the text files you referenced, they just have MBAM somewhere in that text file. That doesn't mean they're affiliated with MBAM itself.

1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel (you've done this already).

2. Restart your computer (very important).

3. Download and run this utility.

4. It will ask to restart your computer (please allow it to).

5. After the computer restarts, install the latest version from here.

Note: You will need to reactivate the program using the license you were sent via e-mail if you purchased it.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

