
Infected with Spyware.Passwords.XGen using Pro Version



Malwarebytes PRO found several instances of Spyware.Passwords.XGen during an automatic scan. It implies it has been cleaned, but my computer has slowed and seems like it is still infected. Additional scans by Malwarebytes don't find anything, and scans by Superantispyware (paid version) do not detect anything out of the norm. The computer also uses Trend Micro Client/Server Security Agent and scans suggest PC is clean. All of the above are always kept current and run full scans daily. Thanks in advance for your help!

Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6752

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/2/2011 6:01:02 AM

mbam-log-2011-06-02 (06-01-02).txt

Scan type: Full scan (C:\|)

Objects scanned: 346769

Time elapsed: 1 hour(s), 45 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Mike.ASI\my documents\mike o'ship\trek-manual\START-PC.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\program files\Brother\BRCDUTL\BRHL5250\inthelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\program files\Brother\BRCDUTL\BRHL5250\fscommand\FAQ_1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\program files\Brother\BRCDUTL\BRHL5250\fscommand\FAQ_2.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\program files\Brother\BRCDUTL\BRHL5250\fscommand\FAQ_3.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\program files\Brother\BRCDUTL\BRHL5250\fscommand\FAQ_4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

ark.zip

attach.zip


I no longer have the Brother printer and am therefore not worried about the drivers being deleted.

Are you certain about the false positive? Not questioning your expertise, but my computer seemed to slow on boot-up when prompted for computer and network login passwords.

Thanks for taking the time to investigate.


  • Staff

Hi,

Pretty sure they're legitimate, yes. Please dequarantine them and report it in our forum so that others with the printer do not experience the same issue.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
