AVG finding Trojan horse in Malware Bytes?

[Ash11]

Hi,

I had a "fake anti virus program" installed into my laptop, so to remove it I did a System Restore by going to Windows Safe mode (I am on Vista). This fake virus program was not even allowing me to run Malware Bytes, hence I had to go to System Restore.

After the System Restore (to about 10 days back) the laptop seemed to be working as normal. However, while now running a full scan on Malware Bytes, my AVG Virus scanner keeps coming up with potential threats including trojan horses and then says the location is the Malware Bytes program.

Anyone know why this might be the case and solutions to it?

Would be grateful for any help.

Thanks.

[IDKWatMNShouldBe]

Hi,

I had a "fake anti virus program" installed into my laptop, so to remove it I did a System Restore by going to Windows Safe mode (I am on Vista). This fake virus program was not even allowing me to run Malware Bytes, hence I had to go to System Restore.

After the System Restore (to about 10 days back) the laptop seemed to be working as normal. However, while now running a full scan on Malware Bytes, my AVG Virus scanner keeps coming up with potential threats including trojan horses and then says the location is the Malware Bytes program.

Anyone know why this might be the case and solutions to it?

Would be grateful for any help.

Thanks.

Hello and

Doing a system restore doesn't fully remove malware so it must be still in your laptop. I can't really think of a solution to this but what files of MBAM did it say was a trojan? And did you install a fresh MalwareBytes after the system restore? If you haven't the rogue must be blocking it... (lol im not actually sure what to say) Try installing a "new" MBAM from http://download.cnet.com/Malwarebytes-Anti...&tag=button and try unistalling the old one. I see you have AVG scanner. However, do you have an anti-virus installed? If not, It's strongly reccomended to install one even if you have MBAM alone. Here are some good ones. BitDefender and Kaspersky. If you would like a free anti-virus, install Avira from here (http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html) or install Avast!. But AVG sucks anyways... I dont really have a solution (mabe combofix) but here are some tips and I'd just wait for some expert to reply.

[Ash11]

Hello and

Doing a system restore doesn't fully remove malware so it must be still in your laptop. I can't really think of a solution to this but what files of MBAM did it say was a trojan? And did you install a fresh MalwareBytes after the system restore? If you haven't the rogue must be blocking it... (lol im not actually sure what to say) Try installing a "new" MBAM from http://download.cnet.com/Malwarebytes-Anti...&tag=button and try unistalling the old one. I see you have AVG scanner. However, do you have an anti-virus installed? If not, It's strongly reccomended to install one even if you have MBAM alone. Here are some good ones. BitDefender and Kaspersky. If you would like a free anti-virus, install Avira from here (http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html) or install Avast!. But AVG sucks anyways... I dont really have a solution (mabe combofix) but here are some tips and I'd just wait for some expert to reply.

Hi,

Firstly thank you very much for your welcome and reply.

It said there was a Trojan called S.Heur and then said the location was in mbam.exe before then coming up with a list of other trojans (which I said "move to vault") and then a file called Crack.exe which it didn't let me delete.

No I haven't installed a fresh MalwareBytes but I will try doing that (incidentally the scan is still running and the number of Objects infected has risen to 2 so maybe it is spotting them?). Regarding the AVG, sorry I didn't make clear that I do have the anti virus installed (AVG) but I will try Avira.

Thanks again for your help.

[IDKWatMNShouldBe]

Hi,

Firstly thank you very much for your welcome and reply.

It said there was a Trojan called S.Heur and then said the location was in mbam.exe before then coming up with a list of other trojans (which I said "move to vault") and then a file called Crack.exe which it didn't let me delete.

No I haven't installed a fresh MalwareBytes but I will try doing that (incidentally the scan is still running and the number of Objects infected has risen to 2 so maybe it is spotting them?). Regarding the AVG, sorry I didn't make clear that I do have the anti virus installed (AVG) but I will try Avira.

Thanks again for your help.

Me again, if you want to see some differences with AVG and Avira read this topic and also read the posts. http://forums.malwarebytes.org/index.php?showtopic=48550 and do you have the MBAM pro version? If you do, I'd reccomend you to uninstall MBAM, restart your laptop, run mbamclean.exe, restart, and then install MBAM again. Why? Well in the past for me, when I uninstalled MBAM the free version and then reinstalled it, I had no problems. But when I uninstalled with the pro version and then reinstalled again, I entered my key and I had some issues with the real-time protection. Here's the link for the mbam clean but only run it if you have the pro version, and make SURE you uninstall MBAM, restart your laptop, run mbamclean.exe, restart, and then install MBAM again. http://www.malwarebytes.org/mbam-clean.exe but if you have the free version, mabe uninstall it through add or remove programs but I am not sure if it will show up there since it's a trojan... malware don't show up in the add or remove section because it would be really easy to uninstall.

[Wide_Glide]

Hello Ash11

If after the Malwarebytes' Scan has finished, you are still having issues then I suggest letting one of the Experts have a look at it to start the cleaning process. It is a FREE service

As we don't work on Malware removal in the General Malwarebytes' Anti-Malware Forum as it is for issues with the program itself,

only in the Malware Removal - HijackThis Logs section

Please read and follow the Directions Here, skipping any steps you are unable to complete. Then post a NEW Topic Here

One of the Expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

Logs to reply with:(If possible)

MBAM

DDS/GMER

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Email Notification of new messages

Also, when replying, please use the ADDREPLY button located at the bottom of the page, as this makes the forum easier to read.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or HERE

Thanks

[noknojon]

Welcome to the forum Ash11 -

Please let our experts diagnose this - Can you follow the instructions above, then we can begin to clean your problems -

Also , System restore will never Remove an infection , just delay it -

Wide Glide has left the instructions to follow -

Thank You -

[Ash11]

Hi,

Thanks to all of you for your replies and assistance. Just to update you - the Malware Bytes full scan was completed and it came up with two infections (including the Crack.exe file I mentioned in my previous post), both of which I removed and then it said it would need to restart the laptop, which I let it do. Upon restarting, fingers crossed things seem OK, the only thing now is that upon restarting, Malware Bytes is coming up on the "Blocked startup programs" list - is this something Windows does naturally or is it a sign that the malware is still there?

I will read up on the Avira v AVG link, thanks.

Regarding on what version of Malware Bytes I have, on the "About" section of my Malware Bytes it says "Malwarebytes' Anti-Malware 1.46".

Thanks once again,

Ash.

[noknojon]

Hi Ash -

The restart is very normal to remove these infections -

If you still want help you can follow the advice from Wide Glide - If you are happy just let it run for 1-2 days and see how it goes -

Thank You -

EDIT -

Please make sure you have updated your Malwarebytes to Version 4304 (current update) -

[Ash11]

Hi noknojon,

Yes I think it will let it run for 1-2 days and see how it goes. I will update the Malwarebytes to Version 4304 as you say. Also I presume that "blocked startup programs" for Malware bytes thing I mentioned is not a problem?

Thanks.

[noknojon]

No Problems -

Just update every day , Scan , and watch things -

Remember - The System Restore process will Never repair problems - Just delay them -

Regards -

EDIT - We are always here if you want those instructions later -

[Ash11]

Hi,

I have updated the Malware Bytes to 4304 now. Yes, I found that the problem that did not go with System Restore - only through running the Malware Bytes full scan it has seemed to have gone, though I will wait for 1-2 days to see if it has definitely gone or is still there.

By the way when I click "Blocked startup programs" it gives me the option of "run blocked program - Malware Bytes" - should I click on this or should I leave things as they are, and keep updating/scanning Malware Bytes every day?

Thanks.

[noknojon]

Please read This Item about AVG and see if it helps - Your AVG can detect MBAM as an unknown program at times - Just update and scan daily -

Update your AVG (I think Version 9 is current for AVG) - Ignore the other messages for now -

Thank You -

[Ash11]

Thanks, will have a look at that link.