
FP oembios.dat?


Monkeys


Hey, just did a scan with the new DB version. Was clean with a quick scan earlier.

Malwarebytes' Anti-Malware 1.25

Database version: 1083

Windows 5.1.2600 Service Pack 2

5:27:15 PM 24/08/2008

mbam-log-08-24-2008 (17-27-06).txt

Scan type: Full Scan (C:\|)

Objects scanned: 110481

Time elapsed: 21 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\oembios.dat (Trojan.Agent) -> No action taken.

Virus Total result: 0/36.

False positive?

Link to post

Developers log, if needed.

Malwarebytes' Anti-Malware 1.25

Database version: 1083

Windows 5.1.2600 Service Pack 3

21:51:55 24/08/2008

mbam-log-08-24-2008 (21-51-42).txt

Scan type: Quick Scan

Objects scanned: 48160

Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\oembios.dat (Trojan.Agent) -> No action taken. [385753513430538380756679153472707985130136276156424737485652618490848570782019618070786774808415696685]

Link to post

Hi, this is a first time post. Today has been a day of false positives. I ran the program and also obtained the false positive on oembios.dat. However, unlike other users, my program quarantined and deleted the file. What steps if any should I take to restore this file? Thank you for your time and assistance.

Copy of scan log.

Malwarebytes' Anti-Malware 1.25

Database version: 1083

Windows 5.1.2600 Service Pack 3

5:51:05 PM 8/24/2008

mbam-log-08-24-2008 (17-51-05).txt

Scan type: Full Scan (C:\|)

Objects scanned: 101749

Time elapsed: 46 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\oembios.dat (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post

Hi, this is a first time post. Today has been a day of false positives. I ran the program and also obtained the false positive on oembios.dat. However, unlike other users, my program quarantined and deleted the file. What steps if any should I take to restore this file? Thank you for your time and assistance.

hi Bosnine and welcome ;)

See posts #1 - #5 here:

http://www.malwarebytes.org/forums/index.php?showtopic=5778

Link to post

Windows has a safety net that allows booting to Safe Mode while a system is not activated. Tap F8 while booting and select Safe Mode, log into your regular account. From here either restoring that file from quarantine or running System Restore to the day before this problem should undo it.

Link to post

Windows has a safety net that allows booting to Safe Mode while a system is not activated. Tap F8 while booting and select Safe Mode, log into your regular account. From here either restoring that file from quarantine or running System Restore to the day before this problem should undo it.

The Quarantine was empty due to the delete, but when I logged into Safe Mode, I was able to find the oembios.dat file in the system32 folder that was supposedly deleted! Weird! The System Restore didn't help when I went to two previous points.

I am still stuck at "checking connectivity".

Link to post

Boot into Safe Mode again.

Click Start, Run and type:

%systemroot%\system32\oobe\msoobe.exe /a

^^ note the space before the /a^^

This will bring up the activation window. Select activate by phone. The process is self-explanatory and you have a good chance of activating without even talking to an operator. If you do need to talk to an operator, tell them that you are reactivating after a problem with the oembios.dat file.

Link to post

hi Bosnine and welcome ;)

See posts #1 - #5 here:

http://www.malwarebytes.org/forums/index.php?showtopic=5778

melboy, thanks for the warm welcome. :)

I reviewed your link. My experience was like jscottpanama. Malwarebytes quarantined and deleted the false positive. It didn't save a copy in quarantine for me to restore.

I had two false positives yesterday. The other was with AVG 7.5. I was able to restore that one. With Malwarebytes, I decided to attempt a system restore to the previous day. I encountered the same kind of validation problems as jscottpanama. I entered the Microsoft CoA key code from my label and Windows XP did not accept it. I basically had to follow up on the telephone activation option. After some tediousness, I was able to enter a code to log into XP. The system restore was successful as well. Although I didn't see that oembios.dat was restored to the System 32 folder. The problem did mess up my AVG 7.5. I had to upgrade to AVG 8.0 which I had to do anyway.

I take it that oembios.dat is related to the Windows authentication process. My question would be: does it serve any other purpose? It seems I can log on okay. Should I just leave it where it is?

I appreciate all the posts on the thread. Posts by yourself, ky331 and nosirrah have been very helpful.

Link to post
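
Added example, not part of any post in this thread and not Malwarebytes' code: a small parser for the text log format shown in the posts above, which pulls out each detection line and flags the ones where a file under the Windows directory was actually removed rather than left with "No action taken". The sample log is abbreviated from the third log in the thread; the function names and the `system_root` default are assumptions made for this example.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any platform

# Abbreviated from the third log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.25
Database version: 1083
Windows 5.1.2600 Service Pack 3
Scan type: Full Scan (C:\|)
Files Infected: 1
Registry Keys Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\SYSTEM32\oembios.dat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<path> (<detection name>) -> <action>." with optional trailing [developer data]
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.(?:\s*\[.*)?$")
# Detail sections end with a bare colon; summary counts ("Files Infected: 1") do not.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")


def parse_mbam_log(text):
    """Return (header fields, detections) parsed from an MBAM 1.x text log."""
    header, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            items.append({"section": section, **m.groupdict()})
        elif section is None and ": " in line:
            key, value = line.split(": ", 1)
            header[key] = value
    return header, items


def removed_system_files(items, system_root=r"C:\WINDOWS"):
    """Detections under the Windows directory where the scanner removed the file."""
    root = normcase(system_root) + "\\"
    return [i for i in items
            if i["section"] == "Files Infected"
            and normcase(i["path"]).startswith(root)
            and "No action taken" not in i["action"]]
```

Recording the "Database version" header alongside each flagged item makes it possible to tie a removal back to the definitions update that produced it.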