
Can't post reply


v.tew


Well, it doesn't make sense that you can post here but not in other topics.

Please delete your cache and cookies from Internet Explorer and try again.

Did you run Avenger as asked?

I agree it makes no sense that I can post this topic but not reply to others. I've tried from two machines. I will try deleting cache and reposting to logs.

The quick summary: Avenger did not find the file (mrxdavv.sys) and didn't find any root kits. MBAM still identifies the file but cannot delete it.


I'm betting that it's not there and that it is a False Positive for MB.

What causes MB to report a file name that doesn't exist? I've searched every which way I know how for the file and I can't find it.

But if I connect to the net I get reinfected instantly. Actually I didn't this morning when I updated MB, but I was on maybe 15 seconds.

Would it help if I connect to the internet, browse the MB site, update MB, etc. and when I get infected send you a log before I have MB delete everything?

Please post the Avenger log here.

Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "C:\WINDOWS\System32\drivers\mrxdavv.sys" not found!

Deletion of file "C:\WINDOWS\System32\drivers\mrxdavv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.


  • Root Admin

Do you have a CD burner on another system where you can download and run a Service Pack update?

Normally I wouldn't do an install of anything during a scan and clean process but in your case I think it might help us some.

Please download and burn this Service Pack for Windows XP to a CD and take it to the other system and install it.

XP Service Pack 3


Please download and burn this Service Pack for Windows XP to a CD and take it to the other system and install it.

I'll try that tonight.

Back on topic: Something in the HJT log is causing my reply problem. I can build up a reply with the Avenger and MB logs and preview it successfully. But when I paste in the HJT log, then I get the error when trying to preview.


  • Root Admin

Okay, try zipping and attaching the zip file to the post. (We don't normally like this, but since the normal method isn't working for you.)

Please run new MB Quick Scan - do not skip FIX, meaning make sure you tell MB to fix it. On reboot you can find the log in the LOG tab for posting.

Then make sure you reboot, then do a new HJT scan only and post back both logs. Zip and attach if you need to.


Back on topic: Something in the HJT log is causing my reply problem.

Here's the entry causing the 'cannot reply' problem. I inserted the space before etc in the URL to be able to post it:

O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwlc.ops.placeware.com/ etc/place/LIMA/SCLpws-c2/5.1.7.413/lib/quicksilver.cab

Take the space out and I cannot post this message.


I'm getting this message when trying to reply to this thread:

Method Not Implemented

POST to /forums/index.php not supported.

I was getting that earlier as well. I assume it's OK now. Marcin was away, and not aware of the issues. We'll see if everything is OK now.


Here's the entry causing the 'cannot reply' problem. I inserted the space before etc in the URL to be able to post it:

O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - hxxp://scpwlc.ops.placeware.com/ etc/place/LIMA/SCLpws-c2/5.1.7.413/lib/quicksilver.cab

Take the space out and I cannot post this message.

Tim, thank you. That was a very subtle problem in our web application level firewall's rules. Because of your careful isolation of the problem, it's now fixed.

Jim


Goldhound, your IP address was last blocked on 04/Oct/2008:20:42:35 +0000. I don't see any entries for your IP address after that.

Apparently all is well now, because you were able to post successfully. Is all OK now?

Jim


Goldhound, your IP address was last blocked on 04/Oct/2008:20:42:35 +0000. I don't see any entries for your IP address after that.

Apparently all is well now, because you were able to post successfully. Is all OK now?

Jim

Yes, all is well and thank you, it was just an odd situation with that message. I understand member approval by admin as I have done that on my forum, did not express that way and I reckoned you had a temporary problem.

It's all good :)


There's a particular class of security-related errors that we're using the "501/Method Not Implemented" error for. The message can occur for several conditions, but all are serious security problems - unless, of course, they're false positives, like this one was.

Thanks for your patience!

Jim
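
The isolation Tim did by hand and the false positive Jim describes, as an added example that is not part of the original thread and is not the forum's actual firewall configuration. The thread never shows the real rule, so `BROAD_RULE` and `TIGHT_RULE` are hypothetical, and every log line except the O16 entry is constructed.

```python
import re

# Hypothetical rules: the thread never shows the forum's real WAF rule.
BROAD_RULE = re.compile(r"/etc/")                     # any path segment named "etc"
TIGHT_RULE = re.compile(r"/etc/(?:passwd|shadow)\b")  # only sensitive file names

# The O16 entry from the thread, with the inserted space taken out again.
O16_LINE = ("O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - "
            "http://scpwlc.ops.placeware.com/etc/place/LIMA/SCLpws-c2/5.1.7.413/lib/quicksilver.cab")

# Constructed HijackThis-style lines standing in for the rest of the log.
POST_LINES = [
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\helper.dll",
    r"O4 - HKLM\..\Run: [Example] C:\example\app.exe",
    O16_LINE,
    r"O23 - Service: Example Service - Unknown owner - C:\example\svc.exe",
]

def waf_blocks(body, rule):
    """Simulated WAF decision: True means the POST body would be rejected."""
    return rule.search(body) is not None

def broad(body):
    return waf_blocks(body, BROAD_RULE)

def isolate(lines, blocked):
    """Bisect a rejected post down to one line that is rejected on its own."""
    if not blocked("\n".join(lines)):
        return None
    while len(lines) > 1:
        first = lines[:len(lines) // 2]
        lines = first if blocked("\n".join(first)) else lines[len(first):]
    return lines[0] if blocked(lines[0]) else None  # None: trigger spans lines

def shrink(text, blocked):
    """Trim characters from both ends while the remainder is still rejected."""
    while len(text) > 1 and blocked(text[1:]):
        text = text[1:]
    while len(text) > 1 and blocked(text[:-1]):
        text = text[:-1]
    return text

if __name__ == "__main__":
    line = isolate(POST_LINES, broad)
    print("offending line:", line)
    print("minimal trigger:", shrink(line, broad))
    print("tight rule blocks post:", waf_blocks("\n".join(POST_LINES), TIGHT_RULE))
```

Against a live site, `blocked` would wrap the forum's preview request and check for the 501 response; the shrunken trigger is what an administrator needs to find the rule that fired.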
