Malwarebytes

Hard Disk Sentinel Seen As Trojan Downloader


15 replies to this topic

#1
Xproject187

    New Member

  • Members
  • Pip
  • 12 posts
  • Gender:Male
  • Location:N. Ca.
  • Interests:Old Cars & Brand New PC's
I'm on a P-4 (Asus P4SD-LA) w/ XPproSPIII & "I.E.8".
I depend on MBAM for protection as it's truly the best tool "I've found" for detecting Mal-Issues.
Well, today I turned on My Desktop PC & noticed straight away that there was an MBAM ALERT!
Here's a Screen-Shot of the Alert: Attached file: MBAM_Alert.JPG

Since I'd never gotten an alert about the program (Hard Disk Sentinel) "Until Today's MBAM Updates", I'd like to know if it's truly something to block?
Or is it a false positive?
Any help, insight or direction with this question is greatly appreciated!
Xproject187

#2
Xproject187

Attached file: Jotti_Scan.JPG

#3
nosirrah

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,158 posts
  • Location:Northampton, MA USA
This could be an FP that was fixed yesterday; please update and scan again. If that does not fix this, please zip and attach this file to your next post.
Bruce Harrison
Vice President of Research


#4
Xproject187

Ok I will do as You suggest, however at the moment I can't.
Because the Alert is currently still on My screen awaiting selection of one of three options.

In short I first have to make a selection (Ignore /Quarantine or Disable Protection)


What should I choose to proceed, Quarantine ?

#5
Xproject187


nosirrah, on Oct 26 2009, 04:45 AM, said:

This could be an FP that was fixed yesterday; please update and scan again. If that does not fix this, please zip and attach this file to your next post.

I should let You know that as soon as I turn on My PC I always do an MBAM update first thing.
Also I was not doing a MBAM scan, but rather the Alert just popped up on My screen right after the MBAM update today @ approx. 4pm. It was at that point I joined this forum & posted for guidance.

#6
nosirrah

Choose ignore, then zip and attach a copy of this file to your next post.

#7
Xproject187


nosirrah, on Oct 25 2009, 11:11 PM, said:

Choose ignore, then zip and attach a copy of this file to your next post.

"I clicked on ignore" as per Your instructions; however, the instant I did, I got yet another Alert!
Attached file: IP_Block_Success.JPG



These alerts were given without doing any type of scan (quick or otherwise).
Like both were issued due to detect.dll's activity.
Anyway (enough of My speculation), I went on & updated MBAM as you instructed.
Attached file: Successfull_UpDate.JPG

After which I started a complete scan of My C:\ Drive.
At approx. 5 mins into the scan I decided to zip up the DLL in preparation for attaching it to this post.
However, the instant I right-clicked on it I got another alert from MBAM!
It was the same as the very 1st one I got (the one that sent Me here).
Once again MBAM was telling Me that the file detect.dll was Malicious!!
So I selected ignore, zipped it up & attached it to this post as per your instructions.

Once again, thanks for any insight or direction with this issue.
Xproject187



#8
Xproject187

I did a quick search on the IP Address (85.17.212.12).
It looks as though it belongs to an entity in the Netherlands. :blink:
Attached file: IP_Block_whois.JPG
Irregardless, the detect.dll shouldn't be trying to phone home to anyone! Right?
So I'll be awaiting Your instructions.

#9
Xproject187

Just wondering what the outcome of my file submission was?
As well as what steps I might need to take over here on my end (if any). <_<

#10
nosirrah

There was an FP with the protection module with this file that was corrected.

Are you still receiving protection module warnings?

#11
Xproject187


nosirrah, on Nov 1 2009, 12:34 AM, said:

There was an FP with the protection module with this file that was corrected.

Are you still receiving protection module warnings?

At the time of My post (Oct 25 2009, 09:02 PM) I was unsure as to exactly which steps I should be taking in respect to the MBAM Alert! So I awaited further instructions directly from You.
However, because more than two weeks passed without response from you & because I failed to see any justification for Hard Disk Sentinel (HDS) to be phoning home, I personally decided to uninstall HDS to temporarily alleviate the Alert issue & I haven't received any more prompts from MBAM since that time.

However the truth is I really liked the program & all it had to offer ! So I'm going to update MBAM then reinstall HDS & wait & see what happens.
I'll re-post back here as soon as I know the answer to Your question.

#12
Xproject187

I'm sorry it took Me so long to get back on deck but I was trying to finish up the clean installation of Windows 7 onto My PC.
So now with M$ Windows 7 & MBAM installed & both fully updated, the news is not all good!

I've noticed MBAM's Real-Time alerts (the ones that kept popping up alerting Me that HDS was up to no good) don't pop up anymore since MBAM's latest updates.
However, if & when I do a full scan of My C:\ Drive, MBAM now hits on 4 files that it never used to hit on with the old updates (rule-set/list)!

Attached file: MBAM___HDS.jpg

Keep in mind this is on a Clean Install of Windows 7 with all M$ Updates & the newest version of MBAM with newest updates as well!
So I've zipped up the 4 files in case you want me to send them! :)

#13
nosirrah

Zip and attach a copy of any of those files to your next post, please.

#14
Xproject187

I recently discovered that I am not using the newest version of Hard Disk Sentinel, so I'm downloading the newest free version now.
Once done I'll Re-install, Re-scan & Re-post ASAP!! Please excuse the slip-up. "My Bad"
PS: I've attached the 5 files that MBAM hit on during its last scan, as well as Pix of the Jotti scan results.
~X~

Attached file: Infected_Files.rar

#15
MAM

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 745 posts
  • Gender:Male
Hello,

Apparently clean with Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3268
Windows 5.1.2600 Service Pack 3

01.12.2009 20:07:43
mbam-log-2009-12-01 (20-07-43).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 155494
Laufzeit: 26 minute(s), 37 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


But read this:

http://virusscan.jotti.org/en/scanresult/9...e1d05687647c018

http://www.virustotal.com/de/analisis/12d5...8264-1259694655

False positive from the other AV vendors, or what?

MAM
Windows XP Home, SP3, all updates after SP3, Firefox 3.6.3, Internet Explorer 8.0.6001.18702, 2.4 GHz slow computer, with 1 GB RAM, two hard drives.

#16
Xproject187

I know it's been a while since My last post where I attached the five HDS files that MBAM was hitting on.
Since then I kinda got hung up in real-time, however I finally completed My upgrade to the latest version of HDS-Pro as well as MBAM's newest database & I can honestly say: That while on Windows-7 with MBAM 1.42(3449) & HDS-Pro(3.00) I've yet to see MBAM alert me to anything.

However, the post by MAM showing confirmation of My Jotti-scan results allows Me room to wonder. Don't it?
Other than that I guess I'd have to say, "resolution has been acquired"
Thank You.
~X~




