Malwarebytes keeps Detecting that are no longer there.

[h-7]

I ran malwarebytes to clean up my system. The scans come back finding 0 items. I then purchased the program and enabled the protected mode. Everytime I reboot the pc, malwarebytes pop's up and detects a file. I can disabled the protection, ignore or quarantine. No matter which I choose the box goes away. After I reboot again malwarebytes pop's up with the same file. In this case its RelevantKnowledge files. Malwarebytes says the file is located C:\Program Files\ReleventKnowledge\. I turned off hidden files and set it to show protected system files. When looking through program files there is no folder for ReleventKnowledge. I went into the registry and removed all traces of Relevent Knowledge. I also deleted the quarantined items in Malwarebytes (most of them were releventknowledge). I used a virtual xp to verify that there is no folder for Relevent Knowledge. So at this point I am stumped. I want to keep malwarebytes but not with it poping up with this message at each boot up. Any idea's? Antivirus scans, combofix, and spybot all come back clean. I need some help.

Thanks.

[AdvancedSetup]

Please run the following scanner and post back the logs.

Download

DDS

and save it to your desktop

http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click

dds.scr

to run the tool.

When done, the

DDS.txt

will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

1. DDS.txt
   
   
2. Attach.txt
   
   

• Save both reports to your desktop
  
  
• Please include the following logs in your next reply:
  DDS.txt
  and
  Attach.txt
  
  

Also click on START - RUN and type in MBAM /DEVELOPER and then run a scan and post back the MBAM log.

[h-7]

Here is the DDS log

DDS (Ver_10-03-17.01) - NTFSx86

Run by Owner at 12:29:49.61 on Fri 04/30/2010

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18

Microsoft

Attach.zip

[h-7]

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

4/30/2010 2:01:57 PM

mbam-log-2010-04-30 (14-01-57).txt

Scan type: Full scan (C:\|)

Objects scanned: 212575

Time elapsed: 52 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[AdvancedSetup]

I've posted in the FP forum to have one of the researchers take a look and see what's going on here.

http://forums.malwarebytes.org/index.php?s...st&p=242305

[h-7]

Thank you. I can understand the protection trying to remove it but when you go to the path of the file there is no folder there. Thats what has me stumped.

[AdvancedSetup]

Actually not being able to see files or folders is quite expected from much of the Malware these days. Windows uses specific APIs that can easily be circumvented to not show these file to the system. That is why there are other special scanners and software to detect and remove this stuff.

I'm not sure if its there or not and that's why I've posted to have them take a look, but not seeing it from Windows explorer or DOS is normal.

[h-7]

Any help? I have another computer doing a similar problem. This computer is just a different file. Malwarebytes keeps finding updateexplorer.dll which is a part of antivirus 7. The file is not where malwarebytes says its finding it. Malwarebytes removed the infection prior to me registering it. This is kind of annoying now. There has been no reply to the thread about this in the false positive section.

[h-7]

I even uninstalled malwarebytes, deleted all left over folders and registery items and then reinstalled it. As soon as protection mode was turned on it found the file updateexplorer.dll.

[h-7]

This is the protection log from another computer giving me the same problem

08:33:00 wells MESSAGE Protection started successfully

08:33:04 wells MESSAGE IP Protection started successfully

09:11:02 wells DETECTION C:\WINDOWS\SYSTEM32\UPDATEEXPLORER.DLL Trojan.FakeAlert QUARANTINE

09:11:03 wells ERROR Quarantine failed: UtilityReadFile failed with error code 2

09:11:04 wells DETECTION C:\WINDOWS\SYSTEM32\UPDATEEXPLORER.DLL Trojan.FakeAlert DENY

09:11:14 wells DETECTION C:\WINDOWS\SYSTEM32\UPDATEEXPLORER.DLL Trojan.FakeAlert DENY

09:11:34 wells DETECTION C:\WINDOWS\SYSTEM32\UPDATEEXPLORER.DLL Trojan.FakeAlert DENY

09:11:37 wells DETECTION C:\WINDOWS\SYSTEM32\UPDATEEXPLORER.DLL Trojan.FakeAlert DENY

09:40:29 wells DETECTION C:\WINDOWS\SYSTEM32\UPDATEEXPLORER.DLL Trojan.FakeAlert DENY

10:12:16 wells MESSAGE IP Protection stopped

10:12:17 wells MESSAGE IP Protection started successfully

[whatmeworry?]

Malwarebytes keeps finding updateexplorer.dll which is a part of antivirus 7.

Hi. It's not clear from your message whether you are aware that antivirus 7 is malware. See http://forums.malwarebytes.org/lofiversion...php/t43142.html

[h-7]

I know its malware....The infection is gone from the pc. The "ghost" file is part of it. Malwarebytes successfully removed all parts of anti virus 7. But for some reason it keeps finding updateexplorer.dll. That fille is no longer in the folder.

[AdvancedSetup]

I'm sorry for the delay but the Dev Team is not available for the next few days. For now please just ignore it and we'll try to address it soon.

Thank you.