Malwarebytes

Should I remove these (probably FP), please?


5 replies to this topic

#1
deejay2

    New Member

  • Members
  • 6 posts
Hi,
I just scanned my system.
Can someone tell me if I should remove these or not, please?
Especially logon.exe seems to me like a stability issue of WinXP...

Malwarebytes' Anti-Malware 1.41
Database version: 3183
Windows 5.1.2600 Service Pack 2

Files Infected:
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2gdr\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2qfe\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.
C:\WINDOWS\system32\dllcache\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Virus.Mariofev) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.



Thanks for the help, guys. Only Malwarebytes found these; other programs did not.

#2
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
Update and scan again, there is a FP in there that has already been fixed.
Bruce Harrison
Vice President of Research


#3
deejay2

    New Member

  • Members
  • 6 posts

nosirrah, on Nov 17 2009, 06:46 PM, said:

Update and scan again, there is a FP in there that has already been fixed.

Thanks... will do and let you know... please keep me informed... thanks

#4
marktreg

    Elite Member

  • Trusted Advisors
  • 834 posts
I would not remove all these entries yet. There may be some false positives in there. Update Malwarebytes to the latest database. It should be database version 3188 or higher. Then run another scan and see what it finds.

EDIT: Oops, nosirrah beat me to it. Sorry about that. :)

#5
deejay2

    New Member

  • Members
  • 6 posts

nosirrah, on Nov 17 2009, 06:46 PM, said:

Update and scan again, there is a FP in there that has already been fixed.


So I have updated and there is this left for FP:

Malwarebytes' Anti-Malware 1.41
Database version: 3188
Windows 5.1.2600 Service Pack 2


Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.


Files Infected:
C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.


So should I still wait for fixing?
It seems that Worm.Emold logon.exe is still there...

Thanks, guys

#6
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
What is there needs to be removed.
Bruce Harrison
Vice President of Research
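
The comparison the thread walks through (scan, update the database, scan again), as an added example that is not part of any post: it diffs the two logs above and ties the flagged Winlogon Shell value to the file it would start at logon. The line format in the regex is an assumption inferred from the logs in this thread, and the function names are hypothetical.

```python
import re

# Constructed input: detection lines copied from the two scan logs in this thread.
SCAN_3183 = r"""
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2gdr\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2qfe\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.
C:\WINDOWS\system32\dllcache\user32.dll (Virus.Mariofev) -> No action taken.
C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Virus.Mariofev) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.
"""
SCAN_3188 = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.
C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.
"""

# Assumed line shape, inferred from the logs above: <item> (<Family.Name>) -> <detail>
DETECTION = re.compile(r"^(.+?) \(([A-Za-z]+\.[A-Za-z]+)\) -> ")
SHELL = re.compile(r"Bad: \((.*?)\) Good: \((.*?)\)")

def parse(log):
    """Map each flagged item (lower-cased path or registry value) to its detection name."""
    pairs = (DETECTION.match(line.strip()) for line in log.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def compare(before, after):
    """Return (items no longer flagged after the update, items still flagged)."""
    old, new = parse(before), parse(after)
    return sorted(set(old) - set(new)), sorted(set(old) & set(new))

def shell_extras(log):
    """Programs in the flagged Winlogon Shell value that the 'Good' value lacks."""
    m = SHELL.search(log)
    if not m:
        return []
    good = m.group(2).lower().split()
    return [p for p in m.group(1).lower().split() if p not in good]

def linked_files(log):
    """Flagged files whose name matches a program added to the Shell value."""
    extras = shell_extras(log)
    return [p for p in parse(log) if p.rsplit("\\", 1)[-1] in extras]

if __name__ == "__main__":
    print(compare(SCAN_3183, SCAN_3188), linked_files(SCAN_3188))
```

On these two logs the six user32.dll entries drop out after the update, while the Shell value, logon.exe and the desktop shortcut remain, and the remaining Shell entry names the same logon.exe that is flagged as a file.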
