Jump to content



Recommended Posts

This morning, when MBAM Pro launched at startup, it warned me that it had "detected a malicious process attempting to start and has blocked the execution attempt." The file in question was C:\Program Files (X86)\Yahoo!\Yahoo!DesktopSearch\textextractor.exe, which MBAM identified as Rogue.SystemSmartSecurity. I have Yahoo Desktop Search (YDS) on my computer, but I don't have it set to start at startup, and I last used it a few days ago, when I simply had it update its database. I was a little disconcerted by the fact that the last modified date on this file was today, whereas no other file in YDS had today's date.

I decided to upload the file to VirusTotal. VT said that it had already evaluated this file and had found no problem, but I asked that they re-evaluate it. They did so, and none of their 42 programs found a problem. I then scanned it with Microsoft Security Essentials, and it found no problem. I then ran my usual Quick Scan with MBAM (after updating to database 6938), and it reported no malicious items discovered. Almost immediately after that, however, MBAM popped up to warn me again that it had detected a malicious process, etc. etc.

I've attached a zipped file containing the file in question (oops, apparently I didn't send it--see next message, where I DID send it). I'm not sure why, but for more than a year, on two different computers, I have been unable to have MBAM create a directors log, even though I followed the instructions provided here. All I get--both today and in the recent past--is a file identical to the usual Quick Scan file:

Malwarebytes' Anti-Malware


Database version: 6938

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

6/24/2011 11:21:09 AM

mbam-log-2011-06-24 (11-21-09).txt

Scan type: Quick scan

Objects scanned: 163043

Time elapsed: 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

At any rate, I hope someone from MBAM will be able to tell me whether this file is indeed malware.

Thanks in advance.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.