malware destroyer Posted November 30, 2010 ID:353462

I had a file being flagged up as saying it was a trojan when I scanned with mbam 1.46, but every time I tried to remove it mbam would crash, and I looked where it said the file was but it was not there. When I upgraded to mbam 1.50 I removed the file, which is QurantiePrivate.dll, from the ignore list, as I got told to make a bat to check the file as I reported it as an FP. But now I have scanned with mbam 1.50 and it said that it found a rogue, but this is a clean install of Windows to 64 bit and I know I'm not infected and I don't have that rogue that mbam detected on my laptop. What I'm confused about is that it managed to remove it even though the file does not exist. I'm posting the log too, and I did check where it is stated before removal to see if it was there, and it was not.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5216

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/11/2010 09:44:04
mbam-log-2010-11-30 (09-44-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 220467
Time elapsed: 28 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\dvd maker\en-US\dvdmaker.exe.mui (Trojan.Agent.Gen) -> Not selected for removal.
c:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_102a16b698e56faf\dvdmaker.exe.mui (Trojan.Agent.Gen) -> Not selected for removal.

malware destroyer Posted November 30, 2010 Author ID:353467

Even more odd, I just checked the quarantine in mbam and nothing is there, which is strange.

malware destroyer Posted November 30, 2010 Author ID:353731

And I have done another scan and it still gets detected, but the folder does not exist.

Spec-V Posted December 1, 2010 ID:353994

Hi malware destroyer,

Please run CHKDSK to make sure your HDD is error free (http://www.w7forums.com/use-chkdsk-check-disk-t448.html).

Then, temporarily disable all anti-virus or other security software.

After that, obtain a developer log:

1. Open Malwarebytes and update (this is crucial), then close Malwarebytes.
2. Click Start>>select Run>>>type mbam.exe /developer
3. Save and attach the developer log here.

Thanks.

malware destroyer Posted December 1, 2010 Author ID:354000

I have done that not long ago, I regularly check for errors and my system is fine. And now it's not getting detected, and it's done this before, then it gets detected again another day. It's like it has a mind of its own. Do you want me to still do a developer scan?

Spec-V Posted December 1, 2010 ID:354002

Are you by any chance running any kind of system management software (e.g. Kaseya client) on the laptop? Most of the time these kinds of software also come with their own security software, which might interfere with the scan.

Yes, please run a developer scan.

Please make sure all security software is disabled temporarily before that.

Thanks.

malware destroyer Posted December 1, 2010 Author ID:354005

No, all I have is Office 2010, System Mechanic 10, mbam, Sandboxie and VirtualBox, that's it, and doing dev scan now.

malware destroyer Posted December 1, 2010 Author ID:354019

Here is the log. It didn't find anything, which is strange, but like I have said, it's done this before then reappeared.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5221

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/12/2010 01:44:50
mbam-log-2010-12-01 (01-44-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 220070
Time elapsed: 14 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Spec-V Posted December 1, 2010 ID:354401

Thanks for the developer log.

How often do you get the Rogue.AntiVirusPC2009 detection?

Let's get another developer log without disabling any security software (just like how you normally boot up and use the system).

Thanks.

malware destroyer Posted December 1, 2010 Author ID:354494

Well, when I had mbam 1.46 it was near on all the time till I added it to the ignore list; that was the detection of QurantinePrivate.dll. Then I upgraded to mbam 1.50 and removed it from the ignore list to see if it was a bug with 1.46, to see if it would get detected in 1.50, and I got the rogue instead, so I was like, that's odd. It normally gets detected near on all the time but I don't know why it's not now. Here is the other dev scan.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5228

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/12/2010 19:27:36
mbam-log-2010-12-01 (19-27-36).txt

Scan type: Quick scan
Objects scanned: 146864
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

malware destroyer Posted December 2, 2010 Author ID:355160

Just turned on my computer and it updated mbam, then did a flash scan, and it detected it again. Here is the log.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5234

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02/12/2010 19:58:45
mbam-log-2010-12-02 (19-58-45).txt

Scan type: Flash scan
Objects scanned: 116022
Time elapsed: 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal.
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal.

Files Infected:
(No malicious items detected)

Spec-V Posted December 3, 2010 ID:355686

When you get that detection again, obtain a developer log:

1. Open Malwarebytes and update (this is crucial), then close Malwarebytes.
2. Click Start>>select Run>>>type mbam.exe /developer
3. Save and attach the developer log here.

Also, download OTL to your Desktop:
http://oldtimer.geekstogo.com/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. OTL should now start. Change the following settings:

- Change Drivers to All
- Change Standard Registry to All
- Under File Scans, change File age to 30

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.

Please attach these 2 files in your next reply.

Thanks.

malware destroyer Posted December 4, 2010 Author ID:355889

Here are the logs.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5241

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04/12/2010 00:55:42
mbam-log-2010-12-04 (00-55-42).txt

Scan type: Flash scan
Objects scanned: 116248
Time elapsed: 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal. [d2a71afad42c05fb5b7ab21d15edde22]
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Not selected for removal. [a1d88b89c23e2ad621b4e8e7eb17bc44]

Files Infected:
(No malicious items detected)

icweng Posted December 5, 2010 ID:356451

I have the same problems as malware destroyer with the 1.50 run. I could not remember having the Rogue.AntivirusPC2009 infected folder message when I ran the 1.46 version. The message comes up every time I run a quick scan or other scans. I followed the instructions to run the hard drive check (it's fine) and ran Malwarebyte.exe/developer w/ and w/o other security software, and the logs are all the same except for a small difference in the number of files scanned. I also attach the OTL.exe runs for your review.

Thanks,

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/4/2010 10:16:42 PM
mbam-log-2010-12-04 (22-16-28).txt

Scan type: Quick scan
Objects scanned: 155553
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> No action taken.
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> No action taken.

Files Infected:
(No malicious items detected)

Extras.Txt
OTL.Txt

icweng Posted December 5, 2010 ID:356457

Attached are my scan results.

Staff miekiemoes Posted December 5, 2010 ID:356541

Guys, this may be an incompatibility issue with Comodo Internet Security and Malwarebytes.

I don't know what option in Comodo is actually responsible for this, but it looks like Comodo maintains a blacklist of known malware folders (or something that can be manually configured). Maybe this is a part of its sandbox, maybe not...

In any case, the folders Malwarebytes detects are not actually there. It's Comodo which is responsible for these "ghost" folders, probably as a part of their defense protection or sandbox, this probably to prevent the creation of these folders in the first place. And because of this behavior, it makes Malwarebytes believe those folders are there, thus it reports them as infected.

Or, Comodo intercepts the enumeration of the Malwarebytes scan, compares with its own blacklist database, and acts as a block here... and because of that, it confuses the Malwarebytes scan and makes Malwarebytes believe those folders are actually there.

We've had similar reports before already, and uninstalling and reinstalling Comodo seems to have solved these "ghost" detections by Malwarebytes.

Also, it may be an idea to disable Comodo during a Malwarebytes scan, this to see if it's still detecting the same.

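
Added example (not part of the original thread and not Malwarebytes code): a small Python helper that parses the detection lines of a text log laid out like the ones posted above and lists every reported path that cannot be found on disk, which is the "ghost" pattern described in the post above. The function names and the sample log are constructed for illustration, and the parser assumes one log item per line.

```python
import os
import re

# One detection line as it appears in the logs in this thread, e.g.
#   c:\path (Rogue.Name) -> Not selected for removal. [32 hex digits]
ENTRY = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?\.)"
    r"(?: \[(?P<hash>[0-9a-f]{32})\])?$"
)
# Section headers that are followed by item lines ("Folders Infected:").
# The summary counters ("Folders Infected: 2") do not match.
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")


def parse_detections(log_text):
    """Return one dict per detected item in the log text."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        entry = ENTRY.match(line) if section else None
        if entry:
            found.append({"section": section, **entry.groupdict()})
    return found


def ghost_detections(log_text, exists=os.path.exists):
    """Detections whose reported path is absent according to `exists`."""
    return [d for d in parse_detections(log_text) if not exists(d["path"])]


# Constructed sample in the layout of the logs above (placeholder paths).
SAMPLE_LOG = r"""Folders Infected: 1
Files Infected: 1

Folders Infected:
c:\example\ghost folder (Rogue.Example) -> Not selected for removal. [0123456789abcdef0123456789abcdef]

Files Infected:
c:\example\present.dll (Trojan.Example) -> No action taken.
"""

if __name__ == "__main__":
    for d in ghost_detections(SAMPLE_LOG):
        print(f"{d['section']}: {d['path']} ({d['name']}) not found on disk")
```

Running it against a saved log once with the other security software enabled and once with it disabled gives a direct comparison of which reported paths exist in each state.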
icweng Posted December 5, 2010 ID:356603

The question is that I had removed Comodo a long time ago and the Rogue message only appeared recently when I ran 1.50. Do you still think they are related to each other?

malware destroyer Posted December 5, 2010 Author ID:356656

Can the developers try and fix this in the next release maybe?

Staff miekiemoes Posted December 5, 2010 ID:356745

> The question is that I had removed Comodo a long time ago and the Rogue message only appeared recently when I ran 1.50. Do you still think they are related to each other?

According to your OTL log, there are still many Comodo components loaded and active there. Also, Comodo Internet Security still appears to be listed in add & remove programs.

ph.nex Posted December 5, 2010 ID:356749

for my observation... comodo is not very good protection... i already used it in the past ... and then detect so many files that only comodo only can detect it ... maybe they have conflict each other with malwarebytes.... try to remove the comodo... for me... use only one protection to no more problem... malwarebytes is a very good protection...