4 replies to this topic

[WallysBlues]

Hi! I did a scan on my pc's limited account today with MBAM(1.26)Free (without updating using Database version 1113) and I get this result showing I'm infected. I immediately went to the Admin account and did a scan with MBAM(this time updating it first and I got Database version 1122) and to my relief>>>no infection. I went back to the limited account and did a re-scan using the updated version of MBAM and still I get the same result showing I am infected. Now, I haven't done anything yet...I just exited from the MBAM and went to google Hijack.StartMenu. I browsed this thread and this thread BUT still I don't know how to proceed regarding MBAM detection on my pc's limited account. The 2 MBAM forum threads I cited above mentioned that it will show up as MBAM detection if one has disabled the "Run" item in the Start Menu...the other thread also mentioned that it will show up as MBAM detection if one has also disabled the "recent items" button(I suppose it's the "Recent Documents List") in the Start Menu. Now, the Start Menu in my pc's limited account looks like this...obviously there is the "Run" item there(though the Recent Documents list is not there)...and so I don't know if my MBAM detection is a FP one or a real threat. My SuperAntispyware detects nothing...my AVG8 Free also detects nothing...and my pc's behaviour seems OK.

Also, it is only now that I came to know that MBAM scan done on the Admin account does not include scanning of the limited account...this is just my presumption because scan in my limited account showed infection whereas scan done on the Admin account revealed nothing. Am I right in my presumption? What do I do regarding the Hijack.StartMenu detection? Thanks!

Windows XP MCE(SP3),IE7 & FireFox3(default),HostsMan 3.1.57,AVG Free 8,CCleaner,SUPERAntispyware,F-Secure BlackLight AntiRootKit,ZoneAlarm Free 7.0.483

[dr_Bora]

It's just telling you that Control Panel item in Start Menu does not exist.

There are infections that disable certain Start menu items - that's why MBAM is detecting that setting.

If you did it yourself, just add the entry to Ignore list.

[WallysBlues]

dr_Bora, on Sep 7 2008, 03:25 PM, said:

It's just telling you that Control Panel item in Start Menu does not exist.

There are infections that disable certain Start menu items - that's why MBAM is detecting that setting.

If you did it yourself, just add the entry to Ignore list.

Yeah, I remember disabling the showing of Control Panel in the limited account's Start Menu in the past. I also remember disabling Run in the Start Menu in the limited account in the past but I decided to have it back again in the Start Menu the next day because it's my habit to run msconfig to look at my startup items...is that enough to have my MBAM detect/complain about it?

Also, do you advise to scan with MBAM separately the Limited account? Or does scanning the Admin account enough?

[EliteKiller]

WallysBlues, on Sep 7 2008, 10:19 AM, said:

I also remember disabling Run in the Start Menu in the limited account in the past but I decided to have it back again in the Start Menu the next day because it's my habit to run msconfig to look at my startup items...is that enough to have my MBAM detect/complain about it?

No need to display Run in the start menu when you can press windows key + r

Quote

Also, do you advise to scan with MBAM separately the Limited account? Or does scanning the Admin account enough?

Scan all Admin accounts.

[WallysBlues]

EliteKiller, on Sep 7 2008, 04:28 PM, said:

Scan all Admin accounts.

There is only one Admin account in my pc and one Limited account. When I scan the Admin account there was NO detection BUT when I scan the limited account there was detection(image provided on my first post on this thread)...thus it seems to me that a separate scanning of the limited account is necessary...which means that a scan of the Admin account is not comprehensive enough. This presumption of mine I would like to ask opinion from the MBAM expert.

Thanks for the tip about pressing windows key + r to access the Run item...didn't know about it. Now, I am planning to delete the Run item in the Limited account's Start Menu again...will my MBAM complain again about Hijack.StartMenu?

BTW, I'll just add to Ignore List the MBAM detection on my pc today as advised in this forum. Thanks!