
Over 3000 unrelated infections on a fresh PC



Hello, I've been an MBAM supporter and customer for some time now; however, I never found the need to register and post on the forums until now.

Please note, this is a week-old fresh install of Windows 7, fully updated, hardened with a focus on security over usability, and installed with all legitimately purchased software from fully signed vendors. I run KAS PURE and an anti-logger program.

I did a full scan today, and I noticed a very unusual result which states it detected over 3819 total infections.

I read through the result log and noticed these folders, user names and files are not even those of my computer! They don't even exist.

I am very confused about how this occurred; however, I went ahead and quarantined, rebooted, then deleted the quarantine list anyway.

Attached is the saved log file. I hope this is a false error of some sort. It's quite scary!

Thank you in advance.


Note: I just updated MBAM (went from 8120 to 8130) and I noticed the number of odd detections I had was the same as the number removed from the total 'Fingerprints loaded'. I guess the issue was located and fixed then? :) Would be nice to know how this happened, however. I've heard of false positives (none of which I've experienced through MBAM in my time), though never a copious listing of detections on folders and files that are non-existent on my computer and completely unrelated to me. Security paranoid as I am, I thought some sort of hacker-generated virtual workstation, with their own local account, was on my PC and heavily infected, hence I've been checking updates on this in and out all day.

Thank you.


  • Staff

This may be a collision between all your security software. Exclusions may have to be set. I am going to get support to help you look at this. Flushing the quarantine is a bad idea in case something is a false positive. All files in quarantine are disabled and are incapable of running.

Until support gets to this post, can you please list all the security software you are running and the version numbers?

Thanks!


Hello, shadowwar. I appreciate your assistance.

I run Kaspersky PURE 9.1.0.124 and Zemana AntiLogger 1.9.2.803 beside MBAM Pro. All legitimately purchased and registered. Before activating the Protection module, I carefully placed Kaspersky into MBAM Pro's ignore list and MBAM Pro into Kaspersky's exception list. Proven and tested, these two work very well beside each other. :)

Within the log I see a foreign-language listing, 'menú inicio' (Spanish for 'Start Menu'). Again, I have never even heard of the files / folders listed in the logs. Completely unrelated to me or my PC (or so I hope). :)

Thank you


Hi :), this issue is still occurring today. I turned off Kaspersky PURE and the AntiLogger application, running only a hardware firewall with AV, updated Malwarebytes, then ran a full scan again and got the following:

----

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 70

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\microsoft\network\downloader\smmservice.exe (Rogue.DefenceCenter) -> No action taken.
c:\programdata\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> No action taken.
c:\programdata\microsoft\windows defender\ave.exe (Rogue.MultipleAV) -> No action taken.
c:\programdata\microsoft\windows defender\msascui.exe (Rogue.MultipleAV) -> No action taken.
c:\programdata\microsoft\windows defender\vma.exe (Rogue.MultipleAV) -> No action taken.
c:\windows\system32\config\6to4nt.dll (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\6to4nt.dll (Trojan.Agent) -> No action taken.
c:\windows\system32\config\explore.exe (Backdoor.SpyNet) -> No action taken.
c:\windows\syswow64\config\explore.exe (Backdoor.SpyNet) -> No action taken.
c:\windows\system32\config\firewall.exe (Backdoor.Bot) -> No action taken.
c:\windows\syswow64\config\firewall.exe (Backdoor.Bot) -> No action taken.
c:\windows\system32\config\htco.exe (Backdoor.Bot) -> No action taken.
c:\windows\syswow64\config\htco.exe (Backdoor.Bot) -> No action taken.
c:\windows\system32\config\messenger.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\messenger.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\mswinsck.ocx (Backdoor.Bot) -> No action taken.
c:\windows\syswow64\config\mswinsck.ocx (Backdoor.Bot) -> No action taken.
c:\windows\system32\config\realtekac.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\realtekac.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\sam10.log (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\sam10.log (Trojan.Agent) -> No action taken.
c:\windows\system32\config\sys\iexplorerr.exe (Trojan.Banker) -> No action taken.
c:\windows\syswow64\config\sys\iexplorerr.exe (Trojan.Banker) -> No action taken.
c:\windows\system32\config\sys\mediaplayer.exe (Trojan.Banker) -> No action taken.
c:\windows\syswow64\config\sys\mediaplayer.exe (Trojan.Banker) -> No action taken.
c:\windows\system32\config\sysrun.exe (Password.Stealer) -> No action taken.
c:\windows\syswow64\config\sysrun.exe (Password.Stealer) -> No action taken.
c:\windows\system32\config\systemprofile\application data\apiqfw.dat (Malware.Trace) -> No action taken.
c:\windows\syswow64\config\systemprofile\application data\apiqfw.dat (Malware.Trace) -> No action taken.
c:\windows\system32\config\systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\application data\pcant.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\application data\pcant.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\application data\pkz.ini (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\application data\pkz.ini (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\application data\printer.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\application data\printer.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\cftmon.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\cftmon.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\ftpdll.dll (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\ftpdll.dll (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\ntload.dll (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\ntload.dll (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\start menu\programs\startup\chkdisk.dll (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\start menu\programs\startup\chkdisk.dll (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\start menu\programs\startup\kufwin32.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\start menu\programs\startup\kufwin32.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\wuaucldt.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\updater.exe (Backdoor.Bot) -> No action taken.
c:\windows\syswow64\config\updater.exe (Backdoor.Bot) -> No action taken.
c:\windows\system32\config\win.exe (IM.Worm) -> No action taken.
c:\windows\syswow64\config\win.exe (IM.Worm) -> No action taken.
c:\windows\system32\config\windows.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\windows.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\msdtc\758501.exe (Worm.AutoRun) -> No action taken.
c:\windows\syswow64\msdtc\758501.exe (Worm.AutoRun) -> No action taken.
c:\windows\system32\msdtc\trace\smsses.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\msdtc\trace\smsses.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\systemprofile\local settings\application data\windows internet name service\wins.exe (Trojan.P2P) -> No action taken.
c:\windows\syswow64\config\systemprofile\local settings\application data\windows internet name service\wins.exe (Trojan.P2P) -> No action taken.
c:\windows\minidump\winup.exe (Backdoor.Agent.DC) -> No action taken.
c:\windows\system32\config\systemprofile\systemprofile\temp.exe (Backdoor.SpyNet) -> No action taken.
c:\windows\syswow64\config\systemprofile\systemprofile\temp.exe (Backdoor.SpyNet) -> No action taken.
c:\windows\system32\config\systemprofile\svchost.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\systemprofile\svchost.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\sysslcn.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\sysslcn.exe (Trojan.Agent) -> No action taken.
c:\windows\system32\config\csrss.exe (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\csrss.exe (Trojan.Agent) -> No action taken.

mbam-log-2011-11-11 (12-42-46).txt

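The log above is the kind of thing a practitioner would want to check mechanically rather than by eye: which of the reported paths actually exist on disk, and how many of the hits are the same file reported twice under system32 and syswow64. The following is an added example, not code from the thread or from Malwarebytes; it assumes only the MBAM 1.x log line shape visible in the post (`<path> (<Detection.Name>) -> <action>.`). The sample input is a constructed excerpt built from a few lines of the posted log, and the `exists` parameter is injectable so the logic can be exercised offline against a made-up view of the file system (by default it uses the real one).

```python
import os
import re
from collections import Counter

# MBAM 1.x detection lines, as seen in the thread:
#   c:\path\to\file.exe (Detection.Name) -> No action taken.
DETECTION_RE = re.compile(
    r"^(?P<path>[a-z]:\\[^()]+?) \((?P<name>[^()]+)\) -> (?P<action>[^.]+)\.?\s*$",
    re.IGNORECASE,
)

# Constructed excerpt: a few lines copied from the log posted in the thread.
SAMPLE_LOG = r"""Files Infected: 6

Files Infected:
c:\programdata\microsoft\windows defender\av.exe (Rogue.MultipleAV) -> No action taken.
c:\windows\system32\config\6to4nt.dll (Trojan.Agent) -> No action taken.
c:\windows\syswow64\config\6to4nt.dll (Trojan.Agent) -> No action taken.
c:\windows\system32\config\explore.exe (Backdoor.SpyNet) -> No action taken.
c:\windows\syswow64\config\explore.exe (Backdoor.SpyNet) -> No action taken.
c:\windows\minidump\winup.exe (Backdoor.Agent.DC) -> No action taken.
"""


def parse_log(text):
    """Extract path, detection name and action from every detection line in an MBAM log."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            findings.append({
                "path": m.group("path").lower(),
                "name": m.group("name"),
                "action": m.group("action").strip(),
            })
    return findings


def mirror_key(path):
    """Fold the SysWOW64 variant of a path onto its System32 twin.

    On 64-bit Windows a 32-bit process that opens the System32 directory is
    redirected to SysWOW64 (WoW64 file system redirection), so one file can be
    reported under both names. Paired hits deserve a second look before they
    are counted as two separate infections.
    """
    return path.replace("\\syswow64\\", "\\system32\\")


def triage(findings, exists=os.path.exists):
    """Check each reported path against the disk and summarise what is really there.

    `exists` is injectable so the logic can run offline against a constructed
    file-system view; the default is the real file system.
    """
    present = [f["path"] for f in findings if exists(f["path"])]
    missing = [f["path"] for f in findings if not exists(f["path"])]
    groups = Counter(mirror_key(f["path"]) for f in findings)
    mirrored = sorted(key for key, n in groups.items() if n > 1)
    return {
        "total": len(findings),
        "present": present,
        "missing": missing,
        "mirrored_pairs": mirrored,
        "by_detection": Counter(f["name"] for f in findings),
    }


def report(text, exists=os.path.exists):
    """Parse and triage an MBAM log in one step; returns the summary dict."""
    return triage(parse_log(text), exists=exists)


if __name__ == "__main__":
    summary = report(SAMPLE_LOG)
    print(f"{summary['total']} detections, "
          f"{len(summary['missing'])} reported paths do not exist on this machine")
    for key in summary["mirrored_pairs"]:
        print("same file reported under system32 and syswow64:", key)
    for name, n in summary["by_detection"].most_common():
        print(f"  {n:3d}  {name}")
```

Run it against a saved `mbam-log-*.txt` by passing the file contents to `report`. A large "missing" list on a machine that was never cleaned is the signal the original poster describes: the scanner is reporting paths that are not on the disk, which points at the detection data or at interference from another product rather than at a live infection, and is a reason not to flush quarantine until that is settled.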

Hello Mixene,

To replicate and look further into the cause of this issue, I will need an OTL log to assist in diagnosing it.

Please download OTL to your Desktop:

To use OTL:

  • Get OTL from HERE
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please attach these 2 files in your next reply.

Thank you.

