
F.P re: .Rar fix: /brastk. (AV2009)??


sandybeach


First Post so will be excessive I'm sure. Will Give All I Can:

Followed a Norton link to a .Rar fix for the above malware to save for possible future need:

http://net-studio.org/application/brastk.php

It downloaded perfectly w/ all 403Kb and was saved to "My Documents" where I proceeded to right click scan the file with:

1) AVG Anti-Spy 7.5

2) Malwarebytes Anti-Malware (MBAM.exe)

3) Spybot 1.6

In every case reported "nothing found" so I was happy enough!

Later that evening, as usual, I ran a full system scan w/ MBAM.exe

which returned 1 "infection" in my "settings & desktop" (?)

BrastkRemover.rar. NOT in My Docs! Perhaps it includes "my docs" as part of my "settings & desktop". I used the program to remove it to the quarantine area where I have left it.

Being confused by this strange finding (F.P.?) I went to "My Docs" and lo & behold, the .Rar file was still there (not removed)!! A "Copy" appears in the quarantine. (??)!

I'm assuming this is a false positive but the not finding & then finding/removing & not removing has me a little befuddled.

Having been suggested I post it here & see instructions for Developer version, I went back & did one which found nothing. So maybe you already fixed via update? Anyway, I've copied & pasted both the original "Infected" log & the "clean" developer log (I hope, as visually, to me, there's no indication which is developer version; might help to add distinguishing notation, for when separating from main log list). Thanks for scratching your heads on this one!!!

System info if needed just ask. :D

Infected log:

Malwarebytes' Anti-Malware 1.30
Database version: 1361
Windows 5.1.2600 Service Pack 1

11/4/2008 6:34:25 AM
mbam-log-2008-11-04 (06-34-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 80922
Time elapsed: 26 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sandy\Desktop\ANTIVIRUS 2009 BRASTK REMOVAL.TXT (Rogue.Antivirus) -> Quarantined and deleted successfully.

***************************************

Developer Log (clean):

Malwarebytes' Anti-Malware 1.30
Database version: 1367
Windows 5.1.2600 Service Pack 1

11/5/2008 6:09:02 AM
mbam-log-2008-11-05 (06-09-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 80675
Time elapsed: 22 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Ideas?? Sandy

Edited by AdvancedSetup
removed live link
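An added example, not part of this thread and not Malwarebytes' own code: a small Python parser for the MBAM 1.x text-log layout pasted above, run over the two logs from this post (embedded here as constructed samples copied from the thread, blank lines dropped; the "clean" log is derived from the first one by swapping in database 1367 and an empty Files Infected section). The function and class names (parse_mbam_log, Detection, count_mismatches, describe, gone_in_later_log) are mine, and the parser only understands detail entries of the form "path (threat) -> action". It pulls out the database version, the summary counts and each listed item, checks that the counts agree with the items actually listed, and reports which earlier detections the later log no longer contains. Run against these two logs it shows what was actually flagged: one file, ANTIVIRUS 2009 BRASTK REMOVAL.TXT on the Desktop, classified Rogue.Antivirus and quarantined, while nothing in either log refers to the .rar in My Documents.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample input: the "Infected" MBAM 1.30 log from the thread, blank
# lines removed. CLEAN_LOG is derived from it to match the developer-version log.
INFECTED_LOG = r"""Malwarebytes' Anti-Malware 1.30
Database version: 1361
Windows 5.1.2600 Service Pack 1
11/4/2008 6:34:25 AM
mbam-log-2008-11-04 (06-34-25).txt
Scan type: Full Scan (C:\|)
Objects scanned: 80922
Time elapsed: 26 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Sandy\Desktop\ANTIVIRUS 2009 BRASTK REMOVAL.TXT (Rogue.Antivirus) -> Quarantined and deleted successfully.
"""
_FLAGGED = r"C:\Documents and Settings\Sandy\Desktop\ANTIVIRUS 2009 BRASTK REMOVAL.TXT (Rogue.Antivirus) -> Quarantined and deleted successfully."
CLEAN_LOG = (INFECTED_LOG.replace("Database version: 1361", "Database version: 1367")
             .replace("Files Infected: 1", "Files Infected: 0")
             .replace(_FLAGGED, "(No malicious items detected)"))

@dataclass(frozen=True)
class Detection:
    section: str  # e.g. "Files Infected"
    path: str     # file path or registry location as logged
    threat: str   # MBAM detection name, e.g. "Rogue.Antivirus"
    action: str   # what MBAM did with the item

_SUMMARY = re.compile(r"^(?P<section>.+? Infected): (?P<count>\d+)$")
_SECTION = re.compile(r"^(?P<section>.+? Infected):$")
# Detail entries have the form "<path> (<threat>) -> <action>."
_ENTRY = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Parse one MBAM 1.x text log into (header, summary_counts, detections)."""
    header, counts, detections, section = {}, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = _SECTION.match(line)
        if m:  # "<Name> Infected:" with no number opens a detail section
            section = m.group("section")
            continue
        if section is None:  # still in the header / summary block
            m = re.match(r"^Database version: (\d+)$", line)
            if m:
                header["database_version"] = int(m.group(1))
            m = _SUMMARY.match(line)
            if m:
                counts[m.group("section")] = int(m.group("count"))
            continue
        m = _ENTRY.match(line)
        if m:
            detections.append(Detection(section, m["path"], m["threat"], m["action"]))
        else:  # keep lines in a form this parser does not know rather than drop them
            detections.append(Detection(section, line, "(unparsed)", ""))
    return header, counts, detections

def count_mismatches(counts, detections):
    """Sections whose summary count disagrees with the entries actually listed."""
    listed = {}
    for d in detections:
        listed[d.section] = listed.get(d.section, 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}

def describe(d):
    """Split a file detection into (folder, file name, threat)."""
    return ntpath.dirname(d.path), ntpath.basename(d.path), d.threat

def gone_in_later_log(earlier_text, later_text):
    """Detections in the earlier log that the later log no longer lists."""
    _, _, earlier = parse_mbam_log(earlier_text)
    _, _, later = parse_mbam_log(later_text)
    return [d for d in earlier if d not in later]
```

One caveat when reading the comparison: the first log records the .TXT as "Quarantined and deleted successfully", so it was no longer on disk when the developer build scanned with database 1367. A clean rescan after a quarantine therefore does not by itself show that the signature was changed; only a rescan of the same file (for example the copy held in quarantine, or a fresh download) would tell you that.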

AdvancedSetup (Root Admin)

Hello Sandy and Welcome to Malwarebytes.org

This is the best plan of action for us to best help you I think.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.


REPLY: Thank you for your reply AdvancedSetup,

I have NO REASON to believe I'm currently or recently infected. I have in the last 2 days run full scans with up to date MBAM, SuperAntispyware, Adaware 1.06SE, Spybot 1.6, F-Secure Blacklight, Stinger, AVG AS 7.5, AVG Anti-Rootkit (discontinued), & completed HJT 2.02 which I compared line by line with the same completely clean scan from 11 months ago.

ALL Active X's are disabled, all net bios items (like printer sharing, remote help etc.) are disabled along w/ Messenger Chat etc/etc. Machine as close to 1 way out as reasonably possible.

There has been nothing found by any (not even tracking cookies) & the HJT logs have only 3 items changed beyond updated Sea Monkey Browser & Sun Java: added SAS, ERUNT\AUTOBACK.EXE and recent installed change to Open DNS.

I have no symptoms of infection, nor any suspicious behavior by machine in performance, re-directed web sites or unusual activity in task mgr, CPU usage nor start-up items nor registry items changed according to S&D TT (no alerts).

Port scans show stealth except for re-directed to nowhere url for port#113.

I only posted item as a possible F.P. as a FYI in case others have similar result on that file or in case my MBAM had become corrupt, which I have no reason to believe. Just to be safe, I'm going to delete the .Rar & its text files which I only had as a possible future need anyway & delete whatever is in the MBAM quarantine. Since machine is still happy.

Personally, I've always suspected Panda of too many FP's & seeing "you may need to turn off AV & Firewall & put in trusted zone" (I never allow anything or one in there) & re-activate all those A-X's would give me nightmares.

I thank you for your time & for the offer of help, which, perhaps, at a future time I may well require. I love your program & fast service/response to inquiries. Keep up the good work on our behalf! ;) Sandy
