Had a user recently who had potential false positives. Please analyze the log. Thanks.
Thread: http://www.geekpolice.net/virus-spyware-ma...5511.htm#100693
Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 3
11/11/2009 4:51:15 AM
mbam-log-2009-11-11 (04-51-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 205307
Time elapsed: 2 hour(s), 33 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\commyFix\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\commyFix11601c\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0007465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0012818.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
#1
Posted 13 November 2009 - 01:53 AM
#2
Posted 13 November 2009 - 02:18 AM
C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys (Rootkit) -> Quarantined and deleted successfully.
Already fixed
The others, I may need the files to know for sure.
#3
Posted 13 November 2009 - 02:32 AM
I have asked the user to run MBAM in developer mode. Would that work?
#4
Posted 13 November 2009 - 02:38 AM
Update first, but yes, that will work.
#5
Posted 15 November 2009 - 11:50 PM
Sorry for the delay, the user has not replied yet.
Do you think it is too late?
#6
Posted 16 November 2009 - 01:07 AM
I have this fixed, got the data from another source.
#7
Posted 16 November 2009 - 01:15 AM
Thanks for letting me know.