I had a file being flagged up as a trojan when I scanned with MBAM 1.46, but every time I tried to remove it MBAM would crash, and I looked where it said the file was but it was not there. When I upgraded to MBAM 1.50 I removed the file, which is QurantiePrivate.dll, from the ignore list, as I got told to make a bat to check the file, as I reported it as an FP. But now I have scanned with MBAM 1.50 and it said that it found a rogue, but this is a clean install of Windows to 64 bit and I know I'm not infected and I don't have that rogue that MBAM detected on my laptop. What I'm confused about is that it managed to remove it even though the file does not exist. I'm posting the log too. I did check where it is stated before removal to see if it was there, and it was not.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5216

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

30/11/2010 09:44:04

mbam-log-2010-11-30 (09-44-04).txt

Scan type: Full scan (C:\|)

Objects scanned: 220467

Time elapsed: 28 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.

c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\dvd maker\en-US\dvdmaker.exe.mui (Trojan.Agent.Gen) -> Not selected for removal.

c:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_102a16b698e56faf\dvdmaker.exe.mui (Trojan.Agent.Gen) -> Not selected for removal.


Hi malware destroyer,

Please run CHKDSK to make sure your HDD is error free (http://www.w7forums.com/use-chkdsk-check-disk-t448.html).

Then, temporarily disable all anti-virus or other security software.

After that, obtain a developer log:

1. Open Malwarebytes and update (this is crucial), then close Malwarebytes.

2. Click Start >> select Run >> type mbam.exe /developer

3. Save and attach the developer log here.

Thanks.


I have done that not long ago. I regularly check for errors and my system is fine, and now it's not getting detected. It's done this before, then it gets detected again another day; it's like it has a mind of its own. Do you want me to still do a developer scan?


Are you by any chance running any kind of system management software (e.g. Kaseya client) on the laptop? Most of the time this kind of software also comes with its own security software, which might interfere with the scan.

Yes, please run a developer scan.

Please make sure all security software is disabled temporarily before that.

Thanks.


Here is the log. It didn't find anything, which is strange, but like I have said, it's done this before and then reappeared.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5221

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

01/12/2010 01:44:50

mbam-log-2010-12-01 (01-44-50).txt

Scan type: Full scan (C:\|)

Objects scanned: 220070

Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Well, when I had MBAM 1.46 it was near on all the time, till I added it to the ignore list; that was the detection of QurantinePrivate.dll. Then I upgraded to MBAM 1.50 and removed it from the ignore list to see if it was a bug with 1.46, to see if it would get detected in 1.50, and instead I got the rogue, so I was like, that's odd. It normally gets detected near on all the time, but I don't know why it's not now. Here is the other dev scan.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5228

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

01/12/2010 19:27:36

mbam-log-2010-12-01 (19-27-36).txt

Scan type: Quick scan

Objects scanned: 146864

Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Just turned on my computer and it updated MBAM, then did a flash scan, and it detected it again. Here is the log.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5234

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

02/12/2010 19:58:45

mbam-log-2010-12-02 (19-58-45).txt

Scan type: Flash scan

Objects scanned: 116022

Time elapsed: 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal.

c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal.

Files Infected:

(No malicious items detected)


When you get that detection again, obtain a developer log:

1. Open Malwarebytes and update (this is crucial), then close Malwarebytes.

2. Click Start >> select Run >> type mbam.exe /developer

3. Save and attach the developer log here.

Also, download OTL to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

OTL should now start. Change the following settings:

Change Drivers to All

Change Standard Registry to All

Under File Scans, change File age to 30

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.

Please attach these 2 files in your next reply.

Thanks.


here are the logs

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5241

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

04/12/2010 00:55:42

mbam-log-2010-12-04 (00-55-42).txt

Scan type: Flash scan

Objects scanned: 116248

Time elapsed: 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal. [d2a71afad42c05fb5b7ab21d15edde22]

c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal. [a1d88b89c23e2ad621b4e8e7eb17bc44]

Files Infected:

(No malicious items detected)


I have the same problems as malware destroyer with the 1.50 run. I cannot remember having the Rogue.AntivirusPC2009 infected folder message when running the 1.46 version. The message comes up every time I run a quick scan or other scans. I followed the instructions to run the hard drive check (it's fine) and ran Malwarebyte.exe/developer with and without other security software, and the logs are all the same except for a small difference in the number of files scanned. I also attach the OTL.exe runs for your review. Thanks,

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5245

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/4/2010 10:16:42 PM

mbam-log-2010-12-04 (22-16-28).txt

Scan type: Quick scan

Objects scanned: 155553

Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 2

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> No action taken.

c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> No action taken.

Files Infected:

(No malicious items detected)

Extras.Txt

OTL.Txt


  • Staff

Guys, this may be an incompatibility issue with Comodo Internet Security and Malwarebytes.

I don't know what option in Comodo is actually responsible for this, but it looks like Comodo maintains a blacklist of known malware folders (or something that can be manually configured). Maybe this is a part of its sandbox, maybe not...

In any case, the folders Malwarebytes detects are not actually there. It's Comodo which is responsible for these "ghost" folders, probably as a part of their defense protection or sandbox, probably to prevent the creation of these folders in the first place. And because of this behavior, it makes Malwarebytes believe those folders are there, thus it reports them as infected.

Or, Comodo intercepts the enumeration of the Malwarebytes scan, compares it with its own blacklist database, and acts as a block here, and because of that, it confuses the Malwarebytes scan and makes Malwarebytes believe those folders are actually there.

We've had similar reports before already and uninstalling and reinstalling Comodo seems to have solved these "ghost" detections by Malwarebytes.

Also, it may be an idea to disable Comodo during a Malwarebytes scan, to see if it's still detecting the same.
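
An added example, not part of the staff reply and not Malwarebytes code: a Python sketch that pulls the detected paths out of an MBAM text log and, for each one, compares a direct existence check with the parent directory's listing, the kind of disagreement the "ghost folder" explanation above would produce. The function names are this example's own, and the sample log lines are copied from the 04/12/2010 log posted earlier in the thread.

```python
import os
import re

# "<path> (<Detection.Name>) -> <action>", the detail-line shape in this thread's logs.
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[\w.]+)\) -> (?P<action>.+)$")

# Sample input: lines copied from the 04/12/2010 log posted in this thread.
SAMPLE_LOG = r"""Folders Infected: 2
Files Infected: 0
Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal. [d2a71afad42c05fb5b7ab21d15edde22]
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal. [a1d88b89c23e2ad621b4e8e7eb17bc44]
Files Infected:
(No malicious items detected)
"""


def parse_detections(log_text):
    """Return [(section, path, detection_name)] from an MBAM text log."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):      # detail header, e.g. "Folders Infected:"
            section = line[:-len(" Infected:")]
            continue
        m = DETECTION_RE.match(line)
        if section and m:
            found.append((section, m.group("path"), m.group("name")))
    return found


def classify(path, exists=os.path.exists, listdir=os.listdir):
    """Compare a direct existence check with the parent directory listing."""
    parent, leaf = os.path.split(path.rstrip("\\/"))
    direct = exists(path)
    try:
        listed = leaf.lower() in (n.lower() for n in listdir(parent))
    except OSError:                         # parent missing or unreadable
        listed = False
    if direct and listed:
        return "present"
    if not direct and not listed:
        return "absent"
    return "inconsistent"                   # the two views of the filesystem disagree


if __name__ == "__main__":
    for section, path, name in parse_detections(SAMPLE_LOG):
        print(f"{section}: {path} [{name}] -> {classify(path)}")
```

A result of `inconsistent` with the other security product enabled and `absent` with it disabled would fit the staff explanation.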


  • Staff
"The question is that I had removed Comodo long time ago and the Rogue message just appears recently while I run 1.50. Do you still think they are related each other?"

According to your OTL log, there are still many Comodo components loaded and active there. Also, Comodo Internet Security still appears to be listed in add & remove programs.

For my observation... Comodo is not very good protection... I already used it in the past... and it detects so many files that only Comodo can detect... maybe they conflict with each other, with Malwarebytes... try to remove Comodo... for me... use only one protection for no more problems... Malwarebytes is a very good protection...
