Another "ghost" file detected by MBAM


It appears that MBAM has another file that it "ghosts", just like the GAMEVANCE DLL file that is not to be found anywhere on the PC. MBAM is flagging RLLS64.DLL, which is a file from Relevant Knowledge adware/spyware. I have performed exhaustive searches (both hard drive and registry) and the file RLLS64.DLL is not on the PC. Screenshot attached....

When are the fine folks at MalwareBytes going to fix this bug? I have only seen this happen with the Gamevance infection and now the Relevant Knowledge infection. I have also removed both Gamevance and Relevant Knowledge from Add/Remove Programs prior to scanning with MBAM, but it still "ghosts" the file even though it's not there.


Greetings :(

Please do the following:

Fix Detection of Files That do Not Exist in Windows Vista and Windows 7:

Note: This fix will not work to correct any similar issues on Windows XP nor should it be run on any operating systems besides Windows Vista or Windows 7.

  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    net stop SysMain
    sc config SysMain start= disabled
    shutdown -r -t 10
    del /f /q %0

    Once you've done that click on File and select Save As...

  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file Fix 1.bat (the .bat extension is very important)
  • Save the file to your desktop but DO NOT run it yet
  • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    del /f /q /a /s "%windir%\Prefetch"
    sc config SysMain start= auto
    net start SysMain
    del /f /q %0


  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file Fix 2.bat (the .bat extension is very important)
  • Save the file to your desktop but DO NOT run it yet
  • Right-click on Fix 1.bat and select Run as administrator then click Continue at the User Account Control prompt.
  • Your PC will automatically restart after it runs so be sure to save anything you were working on before running it.
  • Once your PC starts up again, right-click on Fix 2.bat and select Run as administrator then click Continue at the User Account Control prompt.
  • The issue should now be resolved.

Please let me know if the issue is now corrected or not.

Thanks :)


Relevant Knowledge is one of those applications that come bundled with "freeware" apps like KC Software's SUMO and others. Relevant Knowledge is collecting and monitoring information about you and sometimes displays surveys. Relevant Knowledge is considered to be spyware.
This is from another Malware removal Forum -

They consider Relevant Knowledge as a 'genuine' program, but it is flushed with advertising and spyware items that can remain after deletion -

Thank You -


Sorry, it took me a couple days to get back here..... I just applied the fixes as described, and so far, so good! :) They seem to have done the job! THANKS A MILLION!!! I've saved the files to my flash drive because I've had this same scenario happen numerous times (I have a couple threads here in the MBAM forums about this issue also). So, now that I have these BAT files, I can take care of the false GAMEVANCE and RELEVANTKNOWLEDGE ghostings....

THANKS AGAIN!!!


You're most welcome, and thanks for giving me a status update :)

The cause of the issue is that even after the threats are removed, Windows Vista and Windows 7 are keeping copies of them in the Prefetch folder for their processes to get pre-loaded into memory by SuperFetch. When these processes get mapped/pre-loaded to memory, MBAM will detect them because it looks like the threats are actually trying to execute.

Also keep in mind that this fix does not apply in any way shape or form to Windows XP or Windows 2000. If you have any similar issues on either of those two operating systems, this isn't the reason and this fix will not work.

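The explanation above can be checked before running the two batch files: a prefetch trace records the paths of the files its process loaded, so a trace that still names the flagged DLL shows where the stale reference lives. The following is an added example, not part of the original thread or of MBAM. It assumes the uncompressed Windows Vista/7 prefetch layout (format version 23, "SCCA" signature at offset 4, executable name at 0x10, path hash at 0x4C) and an elevated prompt to read C:\Windows\Prefetch; build_sample_pf is a hypothetical helper that produces constructed test data.

```python
import struct
import sys
from pathlib import Path

PF_VERSION_VISTA_7 = 23  # prefetch format version used by Windows Vista and Windows 7


def parse_header(data):
    """Return (version, executable name, path hash), or None if not a prefetch file."""
    if len(data) < 0x50 or data[4:8] != b"SCCA":
        return None
    version = struct.unpack_from("<I", data, 0)[0]
    # Executable name: up to 60 bytes of NUL-terminated UTF-16LE at offset 0x10.
    name = data[0x10:0x4C].decode("utf-16-le", errors="replace").split("\x00")[0]
    path_hash = struct.unpack_from("<I", data, 0x4C)[0]
    return version, name, path_hash


def references_module(data, module):
    """True if the trace contains `module` as a UTF-16LE string (ASCII case-insensitive)."""
    return module.upper().encode("utf-16-le") in data.upper()


def find_references(prefetch_dir, module):
    """List (file name, executable) for Vista/7 prefetch files that mention `module`."""
    hits = []
    for pf in sorted(Path(prefetch_dir).glob("*.pf")):
        data = pf.read_bytes()
        header = parse_header(data)
        if header is None or header[0] != PF_VERSION_VISTA_7:
            continue  # not an uncompressed Vista/7 prefetch file
        if references_module(data, module):
            hits.append((pf.name, header[1]))
    return hits


def build_sample_pf(exe_name, loaded_paths):
    """Constructed sample: header fields plus a path list, not a complete .pf file."""
    header = struct.pack("<I4sII", PF_VERSION_VISTA_7, b"SCCA", 0x11, 0)
    header += exe_name.encode("utf-16-le").ljust(60, b"\x00")
    header += struct.pack("<I", 0xDEADBEEF)  # placeholder path hash
    strings = b"".join((p + "\x00").encode("utf-16-le") for p in loaded_paths)
    return header + strings


if __name__ == "__main__" and len(sys.argv) == 3:
    for name, exe in find_references(sys.argv[1], sys.argv[2]):
        print(f"{name}: trace for {exe} still lists {sys.argv[2]}")
```

Run it with the Prefetch directory and the flagged file name as arguments. An empty result after Fix 2.bat has run means no remaining trace names the file.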
