What does MBAM embedded fileASSASSIN do to a file?



Hi all!

I have a question regarding fileASSASSIN embedded in MBAM. I know this program removes files, that otherwise cannot be deleted but...

My question is this: does fileASSASSIN (embedded, not the stand-alone version) make changes to a file to be deleted in such a way that one would expect any anti-virus program to detect a Trojan or Malware in that file?

I used fA to remove 3 files. For each file a reboot was needed. After reboot and restarting MBAM-> fA my Antivirus scanner alerted me that the file-to-be-deleted was infected. I sent these files to the Lab to be analysed. They reported that these files were damaged (I think that that was fA's doing) but: "Nevertheless we were able to determine that it contains malicious code fragments"...

Could it be that the "malicious code fragments" were created by MBAM/ fA, or would it be that these fragments were part of these files, and the anti-virus program should have detected that?


Hello and welcome to MBAM, IJzerbroot:

Until an expert arrives, you might want to take a look at the following posts for a bit of info:

http://forums.malwarebytes.org/index.php?showtopic=84483&view=findpost&p=428444

http://forums.malwarebytes.org/index.php?showtopic=78659&view=findpost&p=403561

And, from the help file:

FileASSASSIN is a powerful application that can delete any type of locked files that are located in the computer. The program uses advanced programming techniques to unload modules, close remote handles, and terminate processes to remove the particular locked file. It is capable of removing one file at a time, and it cannot delete registry entries or folders. Please use with caution as deleting critical system files may cause system errors.

Do you think your system may be infected?

If so, please read below for more guidance.

Alas, we cannot review scan logs or work on malware detection/removal in this part of the General MBAM forum.

Excellent, self-help troubleshooting info for getting MBAM to run on an infected machine can be found here.

And there are specific, self-help malware removal instructions here.

If you would like expert assistance with cleaning your system, there are 3 support options from which to choose:

  • Option 1 -- Free, Expert advice in the Malware Removal Forum
  • Option 2 -- Paying customer using MBAM PRO -- Contact MBAM Support via email
  • Option 3 -- Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in this General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so that a qualified helper can help you fix any malware related problems/infections you may have.

  • First, please print out, read and follow the directions here, skipping any steps you are unable to complete.
  • If the infection has so crippled the computer that you cannot follow most/all of the requested steps, then please just proceed as advised below:
  • Then please post a NEW topic here.
  • When posting your new thread, please make sure that, under "options", you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you free, one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

IMPORTANT NOTE: Please DO NOT post back to ("bump") your topic within the first 48 hours.

Replying to your own posts changes the post count from zero. Helpers are looking for topics with zero replies. If you reply to your own post, helpers may think that you're already being helped and thus may overlook your post. This will only delay your obtaining assistance.


  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer using MBAM PRO, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use the Malwarebytes Premium Services (Comprehensive solutions to all your computer support needs -- from installation and set-up to troubleshooting and tune-ups), please go to the Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as it is possible.

I hope this helps!

Someone more expert than I will undoubtedly have more information about FileASSASSIN,

daledoc1

PS: Please use the a8JTu.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)


Thank you Daledoc1 for your answer! (Hope for your sake that parts of it were copy/pasted)

"My" Anti-Virus company recently added some ASK (ASK-toolbar) files to its software. Not too long ago their software warned for those files, but now it doesn't.

There are 3 files I consider "pesty little things". I uploaded all of them to online scanners and none of them gave any alarm, so I think I'm safe...

I don't need these files, but with every update they are restored (uploaded again) and they "phone home" without my permission.

So I tried to delete them, but they were protected... My thought was to use MBAM/ fA for this job.

fA needed a reboot to delete each file, but on restarting fA "my" Antivirus software detected 'TR/Drop.Softomat.AN' in one file and 'TR/Trash.Gen.Trojan in the other 2.

Their Lab investigated these files and reported back to me that these files were damaged and MALWARE, they contain fragments of malicious code.

That's the why of my question: were these "malicious code fragments" already in these files or is it possible that MBAM-fA is responsible for these fragments?

In other words (and that makes this a "tricky topic") can I still trust this av-company, or is there reason to assume they just put these files on their "ignorelist"?

Note: when using the stand-alone version of fileASSASSIN trying to delete these files, then the antivirus software doesn't detect anything, this only happens using the MBAM embedded version (version 1.51.0.1200)
