Jump to content

Virus.Madang Problem !


MAM

Recommended Posts

Hello, i have here a Virus.Madang Problem with MBAM 1.50.

Some times detect MBAM this crap, and some times not, why ?!

Here a older Log from MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5489

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

09.01.2011 21:21:57

mbam-log-2011-01-09 (21-21-56).txt

Scan type: Full scan (C:\|I:\|)

Objects scanned: 194973

Time elapsed: 40 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

i:\websecure.exe (Virus.Madang) -> No action taken. [b2bfc352e61a17e97a2094d7768a7a86]

i:\X\websecure.exe (Virus.Madang) -> No action taken. [4b2673a2ae528d735b3f72f9e41cf907]

And a newer Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5503

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11.01.2011 16:40:30

mbam-log-2011-01-11 (16-40-26).txt

Scan type: Full scan (C:\|I:\|J:\|)

Objects scanned: 198665

Time elapsed: 40 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{0102ad5b-dcc9-49c2-b7d1-11c730d52c94}\RP182\A0091147.exe (Trojan.Downloader) -> No action taken. [354a1bfae719c33d3858aa8ab253d22e]

c:\system volume information\_restore{0102ad5b-dcc9-49c2-b7d1-11c730d52c94}\RP182\A0091150.exe (Trojan.Downloader) -> No action taken. [e39c849157a9649c2e623cf82fd67a86]

c:\system volume information\_restore{0102ad5b-dcc9-49c2-b7d1-11c730d52c94}\RP182\A0091151.exe (Trojan.Downloader) -> No action taken. [1a6575a014ec847c523e87ad45c0e719]

Some others AV programms detect this too, why MBAM some times, and some times not, i have this not deletet.

I have this samples, still on my harddrive.

I submit this Sample in the past to you.

Some pictures, for evidance.

A asking MAM ?

What

Link to post
Share on other sites

Hello, that is verry strange this Virus.Madang, and Malwarebytes' Anti-Malware ! :)

After a new scan this MBAM, flaggs this crap not. Why ?

Please read my first posting above, to understanding this issue.

Her is a fresh LOG, from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5505

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11.01.2011 20:37:29

mbam-log-2011-01-11 (20-37-29).txt

Scan type: Full scan (C:\|I:\|J:\|)

Objects scanned: 198949

Time elapsed: 43 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

NO Virus.Madang found, can the developer Team around Malwarebytes' Anti-Malware explaining why this happened

?!

And some other Log:

Emsisoft Emergency Kit - Version 1.0

Letztes Update: 11.01.2011 20:42:18

Scan Einstellungen:

Scan Methode: Eigener Scan

Objekte: Speicher, Traces, Cookies, I:\

Archiv Scan: An

Heuristik: An

ADS Scan: An

Scan Beginn: 11.01.2011 20:43:08

C:\Dokumente und Einstellungen\Besitzer\Cookies\besitzer@com[1].txt gefunden: Trace.TrackingCookie.com!A2

I:\websecure.exe gefunden: Virus.Win32.Madang!IK

I:\X\websecure.exe gefunden: Virus.Win32.Madang!IK

Gescannt

Dateien: 3307

Traces: 419231

Cookies: 285

Prozesse: 21

Gefunden

Dateien: 2

Traces: 0

Cookies: 1

Prozesse: 0

Registry Keys: 0

Scan Ende: 11.01.2011 20:49:02

Scan Zeit: 0:05:54

That is only a sample, for evidence that have this Malware "storage" on my Harddrive :)

That was only a Example. :)

And also a evidance for MALWARE, that is the VT result, look here, http://www.virustotal.com/file-scan/report...515f-1294777925

MAM

Link to post
Share on other sites

This forum section is for reporting false detections, what false detection are you reporting?

Sorry, that i posting in wrong section.

IMHO that problem i have that Sample is on my System, not active, but MBAM detect it in the past, and now not.!

Why ?

MAM

Link to post
Share on other sites

Hello, last try, to explain my issue this Virus.Madang !

What is the diffrent, interlocutory both Malwarebytes' Anti-Malware Logs ?

Log1:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5489

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

09.01.2011 21:21:57

mbam-log-2011-01-09 (21-21-56).txt

Scan type: Full scan (C:\|I:\|)

Objects scanned: 194973

Time elapsed: 40 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

i:\websecure.exe (Virus.Madang) -> No action taken. [b2bfc352e61a17e97a2094d7768a7a86]

i:\X\websecure.exe (Virus.Madang) -> No action taken. [4b2673a2ae528d735b3f72f9e41cf907]

Log2:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5512

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

13.01.2011 18:33:16

mbam-log-2011-01-13 (18-33-16).txt

Scan type: Full scan (C:\|I:\|J:\|)

Objects scanned: 201816

Time elapsed: 40 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

--------------------------------------------------------------------------------------------------------------------------------------------

Can you see the diffrent ?

I have this Sample on my Harddrive !

Here is the Sample again.

PS: I think i have upload it in the past to you.

PSS: How can i delete Attachment space ???

MAM

Link to post
Share on other sites

No, MBAM pick up this crap by me this Database version: 5489 the first time, and after that not.

Ok here a new Log from MBAM ( but i think that is to old ), and MBAM detectet this crap not, Why ?

Log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5519

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

14.01.2011 16:26:54

mbam-log-2011-01-14 (16-26-54).txt

Scan type: Full scan (C:\|I:\|J:\|)

Objects scanned: 188515

Time elapsed: 39 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

MAM

Link to post
Share on other sites

Hello, this is the last result/report from MBAM, no Virus.Madang found by me !!!

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5520

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

14.01.2011 20:17:12

mbam-log-2011-01-14 (20-17-12).txt

Scan type: Full scan (C:\|I:\|)

Objects scanned: 187812

Time elapsed: 37 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And now ?

Example:

Here can you download it again, that is a *.exe !!!

That is Malware !!

Source: ~URL snipped~ download it this Sample, and examine it again !

MAM

Link to post
Share on other sites

  • Staff

I understand that its not detecting on your machine.

Its detecting fine here. So there is nothing to fix on this end.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5519

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

1/14/2011 5:07:06 PM

mbam-log-2011-01-14 (17-07-01).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Testbox\Desktop\websecure.exe (Virus.Madang) -> No action taken.

Your sample has to be corrupted is the only reason we should not pick this up any longer on your machine. what is the md5 of that sample to make sure we are scanning the same one?

This is the one i scanned:

http://www.virustotal.com/file-scan/report...515f-1294963190

Hit the showall button to see md5 information and such. This file hasn't changed since last september..

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.