Katusha.A, BackDoor.Generic14.ANAA and Rootkit.0Access

[cmlion]

Detection by Anti-Virus products of these tools we are using are Fale Positives because they could be used to cause damage if used improperly

in this case is me the potential cause. SO please tell me how to unistall them(they have tracks in registry, etc?). Use them is really introducing a virus in my computer as You told me

or by Malware writers.

I don't think malware writers could use them to cauzs damage on my computer. When take control of my computer? In this case why not to use their own tools(for ex. tu run a exe who can stolen my passwords)instead of these you use in forum.

You said right here that you removed Office so how or why would you expect it to work if you uninstalled it?

No, I not expect to work. I expect not to be there (ij dir's) thhose files, MSWORD ,EXCELL, etc, anf a a lot o files. The unistall process is not

doing that erase I expected. But I'll do it instead of uninstall

You said here that you observed something odd with MBAM - which from your description it would seem to be something wrong with the install thus the recommendation to do a clean removal and reinstall.

ok and mbab_clean.exe is wellcome. But why you pointed me to use those exceptionns you want me to do in AVG (regarding MBAM) and in MBAM(regarding AVG)???

The let me know what issues if any that you continue to have.

Ok I will tell you now.

FOr ex AVG 2 minutes ago:

Error signature

szAppName : avgnsx.exe szAppVer : 12.0.0.1859 szModName : avgxpl.dll

szModVer : 12.0.0.1873 offset : 00027276

You see the attachments

For upload reasons please rename avgnsx.exe.hdmp.txt to avgnsx.exe.hdmp

IN event viewer

Faulting application avgnsx.exe, version 12.0.0.1859, faulting module avgxpl.dll, version 12.0.0.1873, fault address 0x00027276.

ALso in event viewer I see a very frequently warning:

Windows saved user LAPTOP\m registry while an application or service was still using the registry during log off.

The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

appcompat.txt

avgnsx.exe.hdmp.txt

[AdvancedSetup]

Well I'm not really sure what to tell you at this point. We can continue to try and fix things but its starting to look like you really would be better off saving your data then reinstall Windows from scratch.

[cmlion]

ok, I'll do that but before that respond me to:

Detection by Anti-Virus products of these tools we are using are Fale Positives because they could be used to cause damage if used improperly

in this case is me the potential cause. SO please tell me how to unistall them(they have tracks in registry, etc?). Use them is really introducing a virus in my computer as You told me

or by Malware writers.

I don't think malware writers could use them to cauzs damage on my computer. When take control of my computer? In this case why not to use their own tools(for ex. tu run a exe who can stolen my passwords)instead of these you use in forum.

Why you pointed me to use those exceptionns you want me to do in AVG (regarding MBAM) and in MBAM(regarding AVG)???

[AdvancedSetup]

No these tools are NOT Malware or Virus and DO NOT introduce any VIRUS. AV tools are simply being cautious about them is all.

They are special tools that "other malware" could script to use for bad purposes is all.

Simply delete them and they will be gone.

For combofix just rename it to "uninstall.exe" and run it and it will remove itself or click on Start - Run and type in COMBOFIX.EXE /UNINSTALL

I don't think malware writers could use them to cauzs damage on my computer.

You're certainly allowed to have your own opinion about that but evidence to the contrary exists.

Why you pointed me to use those exceptionns you want me to do in AVG (regarding MBAM) and in MBAM(regarding AVG)???

Because otherwise AVG can step on MBAM and prevent it from running, again it's your computer and your choice but if you want it to work properly then exclusions need to be setup so that they can work together correctly.

As you will be rebuilding the computer you should REMOVE the partition and format a new one as part of the install.

I will go ahead and close your ticket now since you've said you will proceed with rebuilding.

Take care and good luck.

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!