Malwarebytes

Is this a real rootkit?


8 replies to this topic

#1
smartdog

    New Member

  • Members
  • 38 posts
Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 1

9/8/2008 8:30:01 AM
mbam-log-2008-09-08 (08-29-54).txt

Scan type: Quick Scan
Objects scanned: 46403
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> No action taken.


I am curious because if I do a Google search on secdrv.sys it doesn't come up as such. :unsure: Please advise. Edited to add: I am concerned because I let MBAM delete everything.
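The scan log above is the only evidence in this thread, and the triage question is what it actually says: how many distinct objects were flagged, under which signature, and whether the scan changed anything. The following parser is an added example written for this thread (it is not Malwarebytes code and assumes only the MBAM 1.x text-log layout shown in the post); it embeds the quoted log as constructed sample input, cross-checks the summary counts against the detail lines, lists entries still marked "No action taken", and reduces the five hits to the set of path leaf names they share.

```python
import re

# Constructed sample input: the quick-scan log quoted in the first post, reproduced
# inline (empty sections other than the first are abbreviated) so this runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 1

9/8/2008 8:30:01 AM
mbam-log-2008-09-08 (08-29-54).txt

Scan type: Quick Scan
Objects scanned: 46403
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\secdrv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> No action taken.

Files Infected:
D:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> No action taken.
"""

# Line shapes seen in the MBAM 1.x log format (assumed from the quoted log only).
VERSION_RE = re.compile(r"^Malwarebytes' Anti-Malware (?P<version>\S+)$")
META_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<value>.+)$")
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")     # summary block
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")                  # detail block header
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return {'meta', 'counts', 'detections'} extracted from an MBAM 1.x scan log."""
    report = {"meta": {}, "counts": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := VERSION_RE.match(line):
            report["meta"]["Program version"] = m["version"]
        elif m := META_RE.match(line):
            report["meta"][m["key"]] = m["value"]
        elif m := COUNT_RE.match(line):
            report["counts"][m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
        elif section and (m := DETECTION_RE.match(line)):
            report["detections"].append({
                "section": section,
                "item": m["item"],       # registry key or file path
                "name": m["name"],       # signature name, e.g. Rootkit.Agent
                "action": m["action"],   # e.g. "No action taken"
            })
    return report


def count_mismatches(report):
    """Sections whose summary count disagrees with the detail lines actually parsed."""
    seen = {}
    for d in report["detections"]:
        seen[d["section"]] = seen.get(d["section"], 0) + 1
    return sorted(s for s, n in report["counts"].items() if seen.get(s, 0) != n)


def pending_actions(report):
    """Detections the scan reported but did not change (action 'No action taken')."""
    return [d for d in report["detections"] if d["action"] == "No action taken"]


def affected_leaves(report):
    """Distinct final path components across all detections (here one driver: secdrv)."""
    return {d["item"].rsplit("\\", 1)[-1] for d in report["detections"]}


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("DB version:", rep["meta"]["Database version"])
    print("mismatched sections:", count_mismatches(rep))
    sigs = sorted({d["name"] for d in rep["detections"]})
    print(f"{len(pending_actions(rep))} pending hit(s), signatures {sigs}, objects {sorted(affected_leaves(rep))}")
```

Run on the quoted log, the summary and detail sections agree, all five entries are still pending, and every one of them resolves to the single driver name secdrv under one signature; that is the information to keep (together with the database version line) when deciding whether to restore the file or report a suspected false positive.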

#2
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
Please update and scan again, this has already been corrected.
Bruce Harrison
Vice President of Research


#3
smartdog

    New Member

  • Members
  • 38 posts
Well, seeing as I deleted the original file (secdrv.sys) from my system32 folder and all the registry keys... is this going to cause a problem now?? :unsure:

#4
Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States
Nah, shouldn't cause any serious issues. You can re-acquire it from your Windows XP CD-ROM should you need it.

#5
smartdog

    New Member

  • Members
  • 38 posts

Raid, on Sep 8 2008, 01:38 PM, said:

Nah, shouldn't cause any serious issues. You can re-acquire it from your Windows XP CD-ROM should you need it.

I did a system restore...that worked. :unsure:

#6
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
http://www.threatexp...spx?find=secdrv

#7
smartdog

    New Member

  • Members
  • 38 posts

JeanInMontana, on Sep 8 2008, 04:37 PM, said:


ummm, what are you telling me Jean? :unsure:

#8
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
I did a search with a FF extension made specifically for malware searches. That's what I got from Threat Expert. If nosirrah says it's an F/P then that's where I would put my $. There is also here. I don't think you searched very well, it has mixed reviews. http://www.google.com/search?q=secdrv&...lient=firefox-a

#9
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
It was an FP, as the malware that comes with this (a lot of other malware) is nowhere to be seen.

There were 2 DB versions that this FP existed in, and the first scan log shows that you did have one of the two.

That being said, the file in question here is far from critical and unlikely to ever have an impact on your system one way or another, so restoring (while recommended) will likely not change the function of your computer one way or another.
Bruce Harrison
Vice President of Research
