disPlay Posted July 8, 2010 ID:281137
Yesterday mbam found 30 Trojans in the system32. Log is in the post.
mbam_log_2010_07_08__13_32_07_.zip

nosirrah Posted July 8, 2010 ID:281149
How did you end up with nested system32 folders?
\System32\System32\

disPlay (Author) Posted July 8, 2010 ID:281162
> How did you end up with nested system32 folders?
> \System32\System32\
The strange thing is after a quick lookup and research there is no folder with the name system32 under the system32. Most of the files I scanned in virustotal and they are clean.

nosirrah Posted July 8, 2010 ID:281217
I am confused now.
"no folder with the name system32 under the system32"
That statement makes the following one impossible:
"Most of the files I scanned in virustotal and they are clean."
We need to get on the same page here as what you posted is telling me that you are checking files from a folder that you can't find.

disPlay (Author) Posted July 8, 2010 ID:281259
> I am confused now.
> "no folder with the name system32 under the system32"
> That statement makes the following one impossible:
> "Most of the files I scanned in virustotal and they are clean."
> We need to get on the same page here as what you posted is telling me that you are checking files from a folder that you can't find.
Under the System 32 there are those files. I don't have 2 folders with the same name, I only have one with that name, and the files are inside them.

AdvancedSetup (Root Admin) Posted July 9, 2010 ID:281443
Please post a new post here with your log and send me a Private Message when ready: http://forums.malwarebytes.org/index.php?showforum=7
I will assist you in looking into this further.
Thank you.

casy Posted July 9, 2010 ID:281740
Sorry for my bad English (automatic translation by Google)
I have the same problem on the same files, this evening. MBAM shows the path C:\windows\system32\system32\ but on the disk the real path is c:\windows\SysWOW64\system32 (Win 7 64 bits).
It is possible that these files are from installation of Samsung Kies (I made an update today), but I'm not sure.

disPlay (Author) Posted July 9, 2010 ID:281766
Attached.
Attach.txt
DDS.txt

AdvancedSetup (Root Admin) Posted July 9, 2010 ID:281848
This is not the forum where I wanted you to run the logs. I'll take a look and see but if we need to continue then you'll need to create a post in the other forum please.
Thanks.

AdvancedSetup (Root Admin) Posted July 10, 2010 ID:281855
> Sorry for my bad English (automatic translation by Google)
> I have the same problem on the same files, this evening. MBAM shows the path C:\windows\system32\system32\ but on the disk the real path is c:\windows\SysWOW64\system32 (Win 7 64 bits).
> It is possible that these files are from installation of Samsung Kies (I made an update today), but I'm not sure.
Can both of you please run the following.
Click on the start button and type in CMD on the search bar and when it shows up click to run it. Then type the following exactly.
set >"%USERPROFILE%\DESKTOP\MYVARS.TXT"
That will put a copy of your environment variables in a text file on your desktop named: MYVARS.TXT please attach that on your next reply.
Then if you can please zip up a copy of that Samsung installer you're using if it's not too large so that we can test it out as well and see what's going on.

casy Posted July 10, 2010 ID:281922
> Can both of you please run the following.
> Click on the start button and type in CMD on the search bar and when it shows up click to run it. Then type the following exactly.
> set >"%USERPROFILE%\DESKTOP\MYVARS.TXT"
> That will put a copy of your environment variables in a text file on your desktop named: MYVARS.TXT please attach that on your next reply.
> Then if you can please zip up a copy of that Samsung installer you're using if it's not too large so that we can test it out as well and see what's going on.
Here are my environment variables
The installer Samsung Kies is a little large (148 MB) but can be downloaded at this link:
http://www.samsung.com/fr/support/download...=MULTI+LANGUAGE
MYVARS.TXT

disPlay (Author) Posted July 10, 2010 ID:281971
The installer is the same as the one casy posted.
There is my MYVARS.TXT

disPlay (Author) Posted July 10, 2010 ID:281972
Sorry for doing another reply but I got an error after posting.
Here it is.
MYVARS.TXT

AdvancedSetup (Root Admin) Posted July 11, 2010 ID:282608
Thanks - it will probably be a few days before I can check this. I'll need to build an x64 VM image to test as I have time. The download site is very slow for this file.

AdvancedSetup (Root Admin) Posted July 12, 2010 ID:283218
We have tracked down the issue. It appears that Samsung's installer is not properly installing the files.
When a 32 Bit program does an install on a 64 Bit Operating System (which is the case here) then those files which normally would go to the C:\Windows\System32 folder will now go to C:\Windows\SysWOW64 but in this case Samsung is directing them to C:\Windows\SysWOW64\system32 and this is where the FP is being caused.
Due to an invalid installation method by Samsung you will need to either see if you can write to Samsung and get it corrected or maybe post on their support board. Until, or if you'd rather, you can simply add each of those files to your IGNORE list and then they will no longer be detected.
Further information on how the WOW64 operates can be found here
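
The redirection described in the last post, as an added example that is not part of the original thread: a Python function that maps a path as reported by a 32-bit process on 64-bit Windows to the location a 64-bit tool such as Explorer shows, which is the mismatch casy describes. The function names, the C:\Windows default and the sample file names are assumptions; the exempt list follows Microsoft's WOW64 documentation, with driverstore left out because its handling varies by Windows version.

```python
import ntpath  # Windows path rules, usable on any OS

WINDIR = r"C:\Windows"  # assumed %windir%; adjust for the host being examined

# Subdirectories of System32 documented as exempt from redirection
# (driverstore omitted: version-dependent).
EXEMPT = ("catroot", "catroot2", r"drivers\etc", "logfiles", "spool")


def _split_under(path, base):
    """Return the part of `path` below `base` (case-insensitive), or None."""
    path, base = ntpath.normpath(path), ntpath.normpath(base)
    if path.lower() == base.lower():
        return ""
    if path.lower().startswith(base.lower() + "\\"):
        return path[len(base) + 1:]
    return None


def on_disk_path(reported, windir=WINDIR):
    """Map a 32-bit process's view of a path to its 64-bit on-disk location."""
    sys32 = ntpath.join(windir, "System32")
    rest = _split_under(reported, ntpath.join(windir, "Sysnative"))
    if rest is not None:
        # Sysnative is the alias 32-bit code uses to reach the real System32.
        return ntpath.join(sys32, rest) if rest else sys32
    rest = _split_under(reported, sys32)
    if rest is None:
        return ntpath.normpath(reported)  # outside System32: not redirected
    low = rest.lower()
    if any(low == e or low.startswith(e + "\\") for e in EXEMPT):
        return ntpath.join(sys32, rest)  # exempt: stays in System32
    wow = ntpath.join(windir, "SysWOW64")
    return ntpath.join(wow, rest) if rest else wow


def nested_system32(reported, windir=WINDIR):
    """True when the reported path has a literal system32 folder inside
    System32, the pattern that caused the detections in this thread."""
    rest = _split_under(reported, ntpath.join(windir, "System32"))
    return rest is not None and rest.lower().split("\\")[0] == "system32"


if __name__ == "__main__":
    sample = r"C:\windows\system32\system32\example.dll"  # constructed name
    print(on_disk_path(sample), nested_system32(sample))
```
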