
MBAM keeps finding an inexistent infection!


I was recently infected with a rootkit which MBAM found and deleted... After the cleanup my Windows Security Center was not functional, since the file rundll32.exe (which should be located in the C:/Windows/system32 folder) was missing. What I usually do in such cases is copy the file I need from the other computer at home (which is running the same OS, XP SP3) and paste it on this one... It has been working for years now (I have done that for corrupted/deleted drivers). Anyway, Security Center opened up just fine after the copy-paste of the rundll32.exe file in the folder mentioned before. But MBAM keeps finding the infections shown in the screenshot below each time I copy-paste that file. The weird thing is that I keep pasting it in the system32 folder while MBAM finds these 2 infections in the Windows folder... WHICH ACTUALLY DON'T EXIST, as you can see in the screenshot!!! (I have enabled the option to show hidden files just in case.) Whenever I let MBAM delete those files, Security Center doesn't work and MBAM then finds nothing in the next scan. Whenever I restore the rundll32.exe file in the system32 folder, MBAM keeps finding those 2 infections in the Windows folder. The specific file I restore from that other computer is 100% malware clean according to VirusTotal. Can anybody help me out?




At minimum, this pc has a re-infector, and a very likely rootkit leftover.

I urge you to get guided expert help in the Malware Removal forum.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please post there the Gmer.txt log and the DDS logs.

Don't post your logs here.

P.S. Your Windows XP would normally have a Rundll32.exe in \Windows\System32 (or \WINNT\System32)

It would have no such rundll.exe

Again, it is highly likely it's got a rootkit infection onboard. Follow the topic instructions I noted.

The Gmer log would give us the best picture of what is onboard.

Edited by Maurice Naggar
notation added