Andy Spragg

Rogue.sysCleaner


Evening folks,

It's been so long since MBAM reported finding anything that when it does my instinctive response is "Oh, it must be a false positive" ... tonight it reported two finds, both labelled Rogue.sysCleaner. One is a virtual device driver, memman.vxd in c:\windows\system32, the other is an associated registry key. Avast! finds no cause for concern with memman.vxd, nor does http://virusscan.jotti.org - so it does look like it's a false positive. I have Ignored them, pending definitive guidance from here.

Andy

We will need to get the log and if possible a zipped copy of the file in question to verify for you Andy.

http://forums.malwarebytes.org/index.php?showtopic=3228

Whoops, sorry, forgot about the rules of engagement, been so long since I stuck my head in this particular subforum. I uploaded the zipped file, and here's the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4584

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

09/09/2010 23:18:39

mbam-log-2010-09-09 (23-18-39).txt

Scan type: Quick scan

Objects scanned: 170159

Time elapsed: 27 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> No action taken. [189A7E0494DACBB3486AC6D04F329665]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> No action taken. [189A7E0494DACBB3486AC6D04F329665]

memman.zip


sorry to bump this, just came across this thread when googling rogue.syscleaner

I too have OP's issue. It's been so long since anything has ever been flagged up I was caught by surprise. I have the same two entries, both rogue.syscleaner.

When I google rogue.syscleaner it does seem to be a real threat: it's a fake anti-virus which can cause pop-ups, install trojans etc. However, I've had none of the symptoms the various virus warning sites say you get when infected with this; nonetheless Malwarebytes obviously thinks I have it.

I thought Registry Values were bad to mess with so when scanned I didn't press remove selected, just closed it.

So are these false positives or not? I'm a tad confused...

any info would be great, cheers, Joe.

Would need a scan log to determine that.

Ah, I see. Apologies, I'm not great with this stuff. Here is the log file..

Malwarebytes' Anti-Malware 1.41

Database version: 3222

Windows 6.0.6001 Service Pack 1

20/10/2010 23:45:01

mbam-log-2010-10-20 (23-44-58).txt

Scan type: Quick Scan

Objects scanned: 126584

Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.


Malwarebytes' Anti-Malware 1.41

Database version: 3222

You are so far out of date that your log contains no usable data.

Please update and scan again.


Ah, right. When I press "Check for updates" I get an error...

Error code: 732 (0, 0)


OK, updated it and ran again; seems the same though...

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

22/10/2010 19:27:01

mbam-log-2010-10-22 (19-27-01).txt

Scan type: Quick scan

Objects scanned: 139259

Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\memman.vxd (Rogue.sysCleaner) -> No action taken.


Database version: 4052

The current database is 4916.

You have to update the definitions. Go to the Update tab and hit Update.


Ah, I see. Sorry.

Here we go....

Ah, never mind, it found 0 problems... so I guess they were outdated false positives?

Correct. They were fixed back at this original post, but without the updated defs you would never see the correction.

Good to know. I should have realised it was out of date; I'm lazy, too used to things popping up asking me to update, haha. Obviously I had some problem with my past version, since I got that 732 error when trying to update.

Thanks for all the help guys. :D


You're welcome. The paid version does update automatically. With the free version you must update yourself. It's a very good idea to update before any scan. We revise definitions and add new ones multiple times per day.


Wow, that's bad on my part; honestly, I had no idea there was a premium version. A friend recommended I install this a few years back when I had an issue (it fixed it, along with ComboFix, I believe). I'll have to get it, since this thing seems really good at picking up things some other programs can miss.

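As an added example (not Malwarebytes' code, and not from any post above), here is a small Python parser for the 1.x log format the posters pasted, with a triage step that applies the moderators' rule: compare the log's database version with the vendor's current one before treating a detection as live, and check that the summary counts agree with the listed items. The sample log is constructed from the first post in the thread. The 200-revision staleness threshold, and the reading of the bracketed 32-hex tag as a per-file digest, are assumptions of this example, not something the thread states.

```python
"""Parse Malwarebytes' Anti-Malware 1.x scan logs and triage detections
against definition-database age.  Added example for this thread, not
Malwarebytes code; the log layout follows the logs posted above."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the first log in the thread, trimmed to the lines a
# triage tool needs.  Paths and the bracketed tag are copied from that post.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4584
Windows 5.1.2600 Service Pack 3
Scan type: Quick scan
Objects scanned: 170159
Memory Processes Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> No action taken. [189A7E0494DACBB3486AC6D04F329665]
Files Infected:
C:\WINDOWS\system32\memman.vxd (Rogue.sysCleaner) -> No action taken. [189A7E0494DACBB3486AC6D04F329665]
"""

# "<object> (<family>) -> <action>. [<32 hex chars>]"; the bracketed tag only
# appears in newer (1.46) logs, so it is optional.  Treating it as a file
# digest is an assumption of this example.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<family>[^)]+)\) -> (?P<action>[^\[]+?)\.?"
    r"(?: \[(?P<tag>[0-9A-Fa-f]{32})\])?\s*$"
)
SHARED_DLLS = "\\SharedDLLs\\"


@dataclass
class Detection:
    section: str          # e.g. "Files Infected"
    obj: str              # file path or registry value name
    family: str           # e.g. "Rogue.sysCleaner"
    action: str           # e.g. "No action taken"
    tag: Optional[str]    # bracketed 32-hex tag, None on older logs


@dataclass
class MbamLog:
    program_version: str = ""
    database_version: int = 0
    scan_type: str = ""
    counts: dict = field(default_factory=dict)       # summary "X Infected: N"
    detections: list = field(default_factory=list)   # listed items per section


def parse_log(text: str) -> MbamLog:
    """Walk the log line by line: header fields, summary counts, then the
    per-section item lists."""
    log, section = MbamLog(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if m := re.match(r"^Malwarebytes' Anti-Malware (\S+)$", line):
            log.program_version = m.group(1)
        elif m := re.match(r"^Database version: (\d+)$", line):
            log.database_version = int(m.group(1))
        elif m := re.match(r"^Scan type: (.+)$", line):
            log.scan_type = m.group(1)
        elif m := re.match(r"^(.+ Infected): (\d+)$", line):
            log.counts[m.group(1)] = int(m.group(2))
        elif m := re.match(r"^(.+ Infected):$", line):
            section = m.group(1)
        elif section and (m := DETECTION_RE.match(line)):
            log.detections.append(Detection(section, m["object"], m["family"],
                                            m["action"].rstrip("."), m["tag"]))
    return log


def counts_match(log: MbamLog) -> bool:
    """Integrity check: every summary count equals the number of items
    actually listed under that section (a truncated paste fails this)."""
    listed = Counter(d.section for d in log.detections)
    return all(listed.get(sec, 0) == n for sec, n in log.counts.items())


def referenced_file(d: Detection) -> str:
    """A SharedDLLs registry value is named after the file it reference-counts,
    so both detections in the thread point at the same file on disk."""
    if d.section.startswith("Registry") and SHARED_DLLS in d.obj:
        return d.obj.split(SHARED_DLLS, 1)[1]
    return d.obj


def artifacts(log: MbamLog) -> set:
    """Distinct files implicated by the detections, case-folded for NTFS."""
    return {referenced_file(d).lower() for d in log.detections}


def triage(log: MbamLog, current_db: int, max_lag: int = 200) -> dict:
    """Apply the moderators' rule: a detection from stale definitions is not
    actionable until the scan is repeated with current ones.  `current_db` is
    the vendor's latest database number (4916 in the thread); `max_lag` is an
    assumed threshold, since several updates ship per day."""
    lag = current_db - log.database_version
    stale = lag > max_lag
    return {
        "lag": lag,
        "stale": stale,
        "consistent": counts_match(log),
        "artifacts": artifacts(log),
        "verdict": ("update definitions and rescan before acting" if stale
                    else "definitions current; treat detections as live"),
    }


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG), current_db=4916))
```

Run it as-is to see the first poster's log judged against the 4916 database the moderator cited later in the thread; to triage your own log, read the file into `parse_log` and pass the database number shown in the program's Update tab.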
