12 replies to this topic

[rriso]

Hello,
I just ran a scan after updating and found this.
Sorry, I don’t remember how to use the developers switch.

Malwarebytes' Anti-Malware 1.41
Database version: 3182
Windows 5.1.2600 Service Pack 3

11/16/2009 4:28:15 PM
mbam-log-2009-11-16 (16-28-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 152919
Time elapsed: 20 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\ServicePackFiles\i386\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Virus.Mariofev) -> No action taken.

[nosirrah]

This may actually be a FP , one sec .

[nosirrah]

This should be fixed .

[wickedgal]

nosirrah, on Nov 17 2009, 01:34 AM, said:

This should be fixed .

Yaaa! I've been scanning my system with all sorts of stuff in safe mode after having the same issue.

Running another scan now that I've restored the files from quarantine.

Thanks for fixing this so fast.

[rriso]

Thanks nosirrah.
I am really impressed as to how quick you guys/gals react to issues like this.

[LostHearts]

Hi, Malwarebytes also found 4 instances of this virus. If it is a false positive, what should I do (sorry, I'm not too computer literate yet)? Should I chose "Ignore"?

Thank you in advance.

[exile360]

Greetings LostHearts

Please start Malwarebytes' and update it, then do a Quick Scan. The detections should be gone then.

[anealm]

exile360, on Nov 16 2009, 11:30 PM, said:

Greetings LostHearts

Please start Malwarebytes' and update it, then do a Quick Scan. The detections should be gone then.

fixed. thank you

[LostHearts]

exile360, on Nov 16 2009, 11:30 PM, said:

Greetings LostHearts

Please start Malwarebytes' and update it, then do a Quick Scan. The detections should be gone then.

Thanks for the quick response.

I updated Malwarebytes just before the scan. I always update when I'm going to scan my PC, so I have the latest update before the scan begins.

But I will try it again and see what happens. Can't hurt!

I appreciate any thoughts on this matter. According to a Google search, it seems that this Mariofev is quite a serious worm so it is really of great concern to me.

[AdvancedSetup]

@LostHearts,

You should really create your own FP post so that you're specific issue is addressed.

Please click on START - RUN and type in MBAM /developer and then do your Quick Scan and post back the log and we'll review it.

[LostHearts]

AdvancedSetup, on Nov 17 2009, 03:39 AM, said:

@LostHearts,

You should really create your own FP post so that you're specific issue is addressed.

Please click on START - RUN and type in MBAM /developer and then do your Quick Scan and post back the log and we'll review it.

Thanks, it's just that my problem was the same as the OP and a lot of forums like to keep down the # of threads about the same topic.

Cheers!

[nelchel05]

I had the same thing come up last night.. They were all deleted is that ok??

[LostHearts]

nelchel05, on Nov 17 2009, 03:44 PM, said:

I had the same thing come up last night.. They were all deleted is that ok??

I did the same thing--they're deleted & quarantined as of last night. Booted up the PC this morning and everything is working fine. I did another Malwarebyte scan and there were no infections.

It seems up in the air whether Mariofev is an FP or not. Some sites say yes and that it's very serious; others say it's a false positive. Considering the descriptions of what it does, I decided just to hit the Remove button.

Malwarebytes is a great program and I'm going to recommend it to others. I had run other scans just the day before and they found nothing. Now of course maybe my PC hadn't been infected yet but it could also be that Malwarebytes was the only one to pick it up. This would be the 2nd time this program found something the others didn't.