silat

False False False

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6046

Windows 6.1.7600

Internet Explorer 9.0.8080.16413

03/13/2011 08:34:41 PM

mbam-log-2011-03-13 (20-34-36).txt

Scan type: Full scan (C:\|)

Objects scanned: 524145

Time elapsed: 54 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\Drive\shell\(default) (Hijack.Drives) -> Bad: (open) Good: (none) -> No action taken. [aef04ccb748c46bab4d5bcc27c89b848]

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files (x86)\iehistory nirsoft\iehv.exe (PUP.HistoryTool) -> No action taken. [0b936fa843bd7e82aff2483211efc53b]

c:\program files (x86)\lame_enc64.dll (Spyware.OnlineGames) -> No action taken. [5b439483fc04dc245683b19714ef52ae]

c:\program files (x86)\svchost viewer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [2e7064b3d729fd03f13772d73fc55ea2]

Can you please zip these files and attach here?

c:\program files (x86)\lame_enc64.dll

c:\program files (x86)\svchost viewer.exe

This is detected properly:

c:\program files (x86)\iehistory nirsoft\iehv.exe (PUP.HistoryTool) -> No action taken. [0b936fa843bd7e82aff2483211efc53b]

You can add to ignore list if you legitimately use it.

What does the cryptic "PUP.HistoryTool" mean and why is it being flagged as malware? I just took a Computer Forensics survey course and received that tool for doing labs. It being flagged as Malware alarmed me, so I'm curious why it's being flagged when it's not harmful.

Then again, many tools flag the "Magic Jellybean Keyfinder" as Malware as well, when I use it all the time on other people's systems when they want me to clean up infections and I need to do a clean install.

Greetings :)

Anything detected as PUP is considered a Potentially Unwanted Program. That is what it is being flagged as, not as a regular infection.

As for the reason it is detected, that's because while it does have legitimate uses (for example, as in your Computer Forensics course), it can also be used maliciously, so we flag it, using the PUP classification so that advanced users who use the tool for legitimate purposes such as yourself can simply have MBAM ignore it, thus protecting users that have not deliberately downloaded this tool, and its presence may be on the system for hacking/tracking purposes etc.

If you do not want anything in the PUP category to be detected, or just not selected for removal by default, you may use the drop down menu next to Action for potentially unwanted programs (PUP): located under Scanner Settings in the Settings tab.
