8 replies to this topic

[StudioT]

Hello, new to Malwarebytes and this forum.

Have been testing a (paid for) copy of MB on a pc with no problems for last couple of months.

In last 2 days have had XRT_rmib.exe (45k) in lodged limited user account.

MB scans do not reveal this or several registry entries in Internet Explorer keys.

have found two references

http://forums.active...php?t-7744.html

and

http://www.awportals...ticle.php?a=215

[GT500]

Chances are, someone is going to want to see a HijackThis log, so you might want to go ahead and post one.

[JeanInMontana]

Yes you should probably follow the instructions here and start your own topic in that forum.

[RubbeR DuckY]

Please also submit the files of the infection to http://uploads.malwarebytes.org

[StudioT]

Still getting the hang of this forum.

Yes I can upload the file. I can see the upload page, but cant see anywhere to add notes.

Renaming the beast seems to neutralise it, but I would change the extension to .txt for safety.

I will try to find the registry keys again, but have already deleted the offenders, wothout noting the entries, sorry.

Unless someone really wants to look at a HJ log I don't feel the need to obtain one.

[RubbeR DuckY]

Quote

Yes I can upload the file. I can see the upload page, but cant see anywhere to add notes.

Feel free to upload a zip file with a text document describing the malware.

Quote

Renaming the beast seems to neutralise it, but I would change the extension to .txt for safety.

Please keep the extension intact and just upload it zipped up.

Quote

Unless someone really wants to look at a HJ log I don't feel the need to obtain one.

This is to make sure everything was removed correctly. I would recommend you post one.

[StudioT]

Zip uploaded as requested.

[nosirrah]

My next update will address this .

Thanks for the sample .

[StudioT]

Glad to help.