Jump to content

File Execution Blocking

mewnlite
 Share

Recommended Posts

mewnlite

mewnlite

Posted
Posted

I running version 1.51.0.1200.

Yesterday while I working on a project MBam popped up a message that something was trying to run or install or something. I can't really think of anything I had clicked on that might have prompted it but nevertheless I chose "quarantine".

I was busy at the time but later I decided to go look at my logs. If I'm not mistaken in XP that should be at C:\Documents and Settings\User\Application Data\Malwarebytes\Malwarebytes' Anti-Malware under the Quarantine folder. That folder exists but it is empty. The Logs folder has three logfiles from way back when I ran some scans.

I would like to know what triggered the alert. If I chose "Quarantine" and the window went away, then it should have stored it *somewhere".

Where else might quarantine information be stored?

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

Hello Mewnlite,

Can you please provide the logs that show quarantining the file(s). Attach to your next post.

Also, in the quarantine tab within the main scanner, is are there any entries within that tab?

Thank you very much!

Link to post
Share on other sites
mewnlite

mewnlite

Posted
  • Author
Posted

Hello Mewnlite,

Can you please provide the logs that show quarantining the file(s). Attach to your next post.

Also, in the quarantine tab within the main scanner, is are there any entries within that tab?

Thank you very much!

That was my problem. I couldn't find the logs, but I never looked under the quarantine tab you mentioned. It was listed there and it pointed to a file I had in a utility folder which was an asterisk password reader. I'm not sure what triggered it. I haven't used it for years and forgot I even had it.

I can understand why it would tag that file if I indeed tried to execute it and who knows, maybe I accidentally double clicked it or something (highly unlikely).

So now it's just a matter of curiousity. If it showed up under the quarantine tab, then where would the "log" be that you wanted me to attach? Evidentally the "Quarantine" folder I described was not the right place.

This is no longer a top priority matter of course. I was just afraid that I had inherited a piece of malware and wanted to get to the bottom of it. Now that I know what triggered it I'm not concerned about it anymore. It's also a good indication that MBam is doing its job!

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

Hello mewnlite,

Scan logs are located: (Just copy/paste these addresses within your explorer)

Windows Vista/7


%programdata%\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Logs

Windows XP


%programdata%\Start Menu\Programs\Malwarebytes' Anti-Malware\Logs

Protection logs are located:

Windows Vista/7


%ALLUSERSPROFILE%\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows XP


%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Any logs that have the Quarantined file within them please attach the .txt into your next reply.

Thank you very much!

Link to post
Share on other sites
mewnlite

mewnlite

Posted
  • Author
Posted

I previously looking in my own user folder instead of All Users.

I've attached the one that shows the appropriate information.

Also the quarantine folder under All Users had a file named BACKUP1.05388 which contained...

0=HackTool.Asterisk

1=6/8/2011

2=File

3=H:\utilities\AsterikPasswordReader.exe

4=05388

Thanks for helping me locate these files.

protection-log-2011-06-08.txt

Link to post
Share on other sites
Mainard

Mainard

Posted
Posted

Hello Mewnlite,

%ALLUSERSPROFILE% is just a redirection for windows that is primarily: 

C:\ProgramData\

Are you showing signs of infection? If you feel at all that you may have gotten infected I suggest creating a topic in HJT:

We don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

You can follow the directions below and someone will assist you with running scans on your system to see if they can detect anything.

Please print out, read and follow the Directions HERE, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

When the expert gives you the all clear my mind can be left at ease. :)

Thank you very much.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.