Jump to content

Recommended Posts

Hello,

I was suspecting of malware (AVG internet security didn't find any) so I've run a full scan with Malwarebytes.

It reported 351 files, almost all of the Mismatch.Extension type.

So, I deleted the files and PC was damaged beyond repair.

Not very happy, I restored a backup from one week ago and did a new run with Malwarebytes. This time it reported 15 files, again almost all Mismatch.Extension ones.

But this time I went to search for these files and couldn't find a single one of them!

Explorer is set to show system and hidden files. CHDSK doesn't indicates cross linked files.

Win XP, SP3 and updates.

Link to post
Share on other sites

Nothing there should cause a non boot situation.

Extension Mismatch detections mean it's a executable file (exe, dll etc) but with a non executable extension. Malware normally does this to hide their files.

Can you provide some system specs like type of hard drive etc.

That was not the scan of the 351 objects detected (and deleted). That was a scan after the backup restore.

Just after deleting the 351 objects the system rebooted (by itself), After reboot there were many messages of missing DLLs, etc. and the system was very unstable. Thunderbird would not run, etc.

To me it looks like the suspect files are not what their names indicate - they are DLLs, whatever, with a fake name? Would some virus do that?

HD is a Seagate ST31000528AS partitioned in C: (50GB) and D: (remaining), both NTFS

Link to post
Share on other sites

Ok this could be a collision between security programs causing false positives. What security programs are you running like antiviruses and have you added and exclusions in any of the programs?

Main AV program (running all the time) is AVG Internet Security. When I have some suspicious activity I do a scan with Malwarebytes and Superantispyware. De-activating AVG's resident shield does not change the results.

AFAIK, no exclusions.

Link to post
Share on other sites

Can you attach one of the files. Also make sure you can copy one of the files somewhere and they are not locked in place. Every time you scan the same files are hit?

I've done full C; scans a few times. Number of suspect objects is stable at 18, files are always the same (it started at 15, increase was in restore area)

I'm attaching a log of a quick scan. There are 2 suspects in Windows\system32, both of them with a .LOG extension. Search won't find any of these files, it will find userdiif (no extension) dated 09/jul/10. but no tempkey file.

userdiff can be copied/moved freely.

I've uploaded it as a RAR archive, since direct upload was not possible. File checked clean in Virus Total.

userdiff.rar

mbam_log_2011_01_14__14_28_30_.txt

Link to post
Share on other sites

  • Root Admin

Hello JorgeO,

Please follow the directions here and when ready send me a Private Message and I'll help you out.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites

Hello JorgeO,

Please follow the directions here and when ready send me a Private Message and I'll help you out.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someon has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Thanks, AdvancedSetup

Looks like there's something fishy with my Windows install.

It just happens that early next week I will be upgrading to Win 7/64, Let's see how it goes and if everything goes back to normal.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.