
Malwarebytes

Trojan.Agent detected in Boot.ini file


11 replies to this topic

#1
Danielle

    New Member

  • Members
  • 8 posts
A few months ago I ran a scan from Malwarebytes and it detected a virus in the boot.ini file. When I rebooted my PC I noticed I got a message that said invalid boot.ini on an all-black background. The message only appears for about 1 or 2 seconds, then the PC continues booting up. There is no boot.ini tab under the System Configuration Utility.

Keep this in mind, I'm completely clueless with computers. So I don't know how important a boot.ini file is.

Here is the log from the scan.




Malwarebytes' Anti-Malware 1.34
Database version: 1775
Windows 5.1.2600 Service Pack 2

2/18/2009 1:29:48 PM
mbam-log-2009-02-18 (13-29-48).txt

Scan type: Quick Scan
Objects scanned: 46698
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\boot.ini (Trojan.Agent) -> Delete on reboot.

#2
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
Hi Danielle! Welcome to the forum. Is this log that you posted your current one? Because it says version 1.34 and we are up to version 1.38. Please reply... Regards
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.
http://www.tentrexindustries.com/

#3
Danielle

    New Member

  • Members
  • 8 posts

yardbird, on Jun 20 2009, 03:16 AM, said:

Hi Danielle! Welcome to the forum. Is this log that you posted your current one? Because it says version 1.34 and we are up to version 1.38. Please reply... Regards

Hello, and thanks! Yeah, this is from a few months back. I've updated Malwarebytes to its current version.

#4
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
Can you post a log from the 1.38 version from a quick scan?

#5
Danielle

    New Member

  • Members
  • 8 posts

yardbird, on Jun 20 2009, 03:18 AM, said:

Can you post a log from the 1.38 version from a quick scan?

Sure, I ran a scan earlier and it detected a virus in the registry. So far I have 3 quarantined items.


Malwarebytes' Anti-Malware 1.38
Database version: 2309
Windows 5.1.2600 Service Pack 2

6/19/2009 5:36:01 PM
mbam-log-2009-06-19 (17-36-01).txt

Scan type: Quick Scan
Objects scanned: 125425
Time elapsed: 41 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
Can you do an update please to database 2310, and post a quick scan back?
Edit: I sent a PM to a senior support staff member to look at your log.

#7
Danielle

    New Member

  • Members
  • 8 posts

yardbird, on Jun 20 2009, 03:33 AM, said:

Can you do an update please to database 2310, and post a quick scan back?

No problem at all. I'll post back the results as soon as the scan is finished.

#8
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
Thank you very much, a support staff member will look at the log!

#9
Danielle

    New Member

  • Members
  • 8 posts

yardbird, on Jun 20 2009, 03:38 AM, said:

Thank you very much, a support staff member will look at the log!

Okay, thanks for the replies. Here is the log:

Malwarebytes' Anti-Malware 1.38
Database version: 2310
Windows 5.1.2600 Service Pack 2

6/20/2009 12:05:30 AM
mbam-log-2009-06-20 (00-05-30).txt

Scan type: Quick Scan
Objects scanned: 124890
Time elapsed: 31 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

In older versions of MBAM we set this key to a nonstandard configuration. It was functional, but we thought it best to set it back to default.

That is all that this is.
Bruce Harrison
Vice President of Research

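As an added illustration (not code from this thread or from Malwarebytes), the following Python parses the MBAM 1.3x log layout posted above and checks that the Broken.OpenCommand repair line's "Good:" half is the stock `regedit.exe "%1"` command that nosirrah describes restoring. The sample log is constructed from lines in this thread and condensed; the regex shapes are an assumption based on those lines.

```python
import re

# Constructed, condensed sample in the MBAM 1.3x log layout seen in this thread (not real scanner output).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2309
Scan type: Quick Scan
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
\boot.ini (Trojan.Agent) -> Delete on reboot.
"""

# "<item> (<detection name>) -> <rest>"; registry-data repairs put "Bad: (...) Good: (...) -> <action>" in <rest>
FINDING_RE = re.compile(r'^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$')
BAD_GOOD_RE = re.compile(r'^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$')
DEFAULT_REGFILE_OPEN = 'regedit.exe "%1"'  # stock value, as in the "Good:" half of the log line

def parse_mbam_log(text):
    """Return (header, findings): header keeps 'Key: value' and summary-count lines; findings are dicts."""
    header, findings, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith(":"):              # detail-section heading such as "Files Infected:"
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if section and m:
            f = {"section": section, "item": m["item"], "name": m["name"], "action": m["rest"]}
            bg = BAD_GOOD_RE.match(m["rest"])
            if bg:                          # split a repair line into its before/after values
                f.update(bad=bg["bad"], good=bg["good"], action=bg["action"])
            findings.append(f)
        elif ": " in line:                  # header field or "X Infected: N" summary count
            key, value = line.split(": ", 1)
            header[key] = value
    return header, findings

def regfile_open_command_is_default(findings):
    """True if the Broken.OpenCommand repair restored the stock regfile open command; None if not logged."""
    for f in findings:
        if f["name"] == "Broken.OpenCommand" and f["item"].endswith(r"regfile\shell\open\command\(default)"):
            return f.get("good") == DEFAULT_REGFILE_OPEN
    return None
```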

#11
Danielle

    New Member

  • Members
  • 8 posts

nosirrah, on Jun 20 2009, 04:07 AM, said:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

In older versions of MBAM we set this key to a nonstandard configuration. It was functional, but we thought it best to set it back to default.

That is all that this is.

What about the boot.ini problem? It's still quarantined since Feb. and I'm wondering if it's safe to restore since it's missing.

#12
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona. Arizona, USA
  • Interests:Where we keep the World Safe
Right now you have a clean scan! To make sure support sees the boot.ini that you have in Quarantine, can you go and post a new topic in the False Positive Forum please.... Regards...
