I am new on this forum, so sorry if this 1st post is misplaced.
I have been using Malwarebytes' Anti-Malware 1.23 for a few weeks, and regularly running
scans, usually with no infection detected.
However, several times I had this detection, looking like:
Rootkit.Agent C:\WINDOWS\SYSTEM32\DRIVERS\logiflt.iad 48581
This happens during the last period of the scan, the one with the "heuristic" phase.
So I am induced to believe this could be a false positive.
What is the MBAM experts' advice?
What looks curious to me is that this file logifld.iad has 0 bytes in size ...
How can such a 0-byte file be detected as malware? Can you tell me if this file is a regular Microsoft file,
and what it is used for?
(If I put this file in the chest, then it comes back again some time later on).
Thanks in advance for any info about this situation.
(Edited later.) I forgot to mention that this seems to have occurred since my upgrade to SP3.
=======
Many thanks for the info; I tried today to follow it.
First I re-installed Spybot&Destroy and made a run. I removed the detections; they were all
"tracking cookies" (from Advira, DoubleClick, MediaPlex).
Here follow some logs:
- First MBAM log (the one which produced the error):
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 992
Windows 5.1.2600 Service Pack 3
20:07:42 25/07/2008
mbam-log-7-25-2008 (20-07-42).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 176561
Temps écoulé: 1 hour(s), 16 minute(s), 54 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\DRIVERS\logiflt.iad (Rootkit.Agent) -> Quarantined and deleted successfully.
- Second MBAM log, from today (no detection):
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 5.1.2600 Service Pack 3
13:18:08 30/07/2008
mbam-log-7-30-2008 (13-18-08).txt
Type de recherche: Examen rapide
Eléments examinés: 63864
Temps écoulé: 17 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
- The PandaActive scan log and the HijackThis log are in 2 separate attached documents. I hope they
are correctly attached.
Something curious about the Panda log: during the scan, the displayed text showed 19 infections,
but the log indicates only 11. Where have the 5 missing ones disappeared?
I had some difficulties with the Panda scan, because it describes the previous PandaScan version,
and at first, I did not know how to get the log. I hope this log layout is what you expect.
I no longer use Norton AV; some traces of it must remain somewhere.
The so-called Rootkit.gen has appeared several times these last days. I tried to determine when it
could be created, with no success.
Thanks for the help.