
Malwarebytes

My Serious First Detection



#1
CharlesT

    Regular Member

  • Honorary Members
  • PipPip
  • 66 posts
  • Gender:Male
  • Location:North Carolina,USA
Hello,
I am new to this forum; I just now discovered it, although I have had Malwarebytes on my computer since Nov. 25, 2008. I did purchase it, although I realize I really did not have to; I like supporting the products I use. I do have an Internet Security program as well, and this works well side by side with it.
Now, the reason I am posting is just to ease my mind. I am pretty sure Malwarebytes has already removed the threat that somehow got by Internet Security. The entire address that this threat was discovered at was C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Backdoor.Bot) ---> Quarantined and deleted successfully. The bold type is exactly how it showed under files infected after running the Malwarebytes scan.

This forum is very similar to the Internet Security forum I use as well, and I find these forums to be very helpful and, like I mentioned above, I am pretty sure the threat was taken care of. I Googled and could not find anything it mentioned in the Task Manager or through Windows Explorer searching for the named files, but any added advice would be welcome nonetheless. Thanks in advance for your time.
:p .... I amaze myself !.....sometimes..

#2
CharlesT

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 3

2/21/2009 12:04:04 PM
mbam-log-2009-02-21 (12-04-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128509
Time elapsed: 17 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Just one more note: the above is the actual log; I copied and pasted it here. The file is currently quarantined and has not been deleted as yet, until I am sure it's OK to do so, since this is new to me. Thanks again, just adding a little more info. I also ran a HijackThis file and myself didn't see anything, but can add that as well if needed.

#3
AdvancedSetup

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 22,575 posts
  • Gender:Male
  • Location:US
I think this may be a False Positive.

Please restore the file and then click the Start Menu, Run, and type the following: mbam.exe /developer and post back that log.

Or, you can just restore the file and UPDATE MBAM again and scan again. I think this was already reported and fixed in newer defs. Current defs are 1790.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#4
CharlesT

Malwarebytes' Anti-Malware 1.34
Database version: 1787
Windows 5.1.2600 Service Pack 3

2/21/2009 8:38:09 PM
mbam-log-2009-02-21 (20-38-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128557
Time elapsed: 17 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Hello again.

I did as instructed and ran a fresh log. I haven't updated again yet (I did update the defs once when the file was already quarantined, but I never took it out of quarantine until you told me to), but it already shows clean. I was running a scan when I saw your current defs info,
so yes, it was a False Positive as you stated. Thanks again, breathing a little easier now, ha ha; the log shows clean now.
Thanks again

#5
AdvancedSetup

No problem, you're welcome.
Ron Lewis
Manager, Online Support
