No replies to this topic

[Jenkins' Ear]

Brand new to MalwareBytes and this forum. If this is in wrong forum, please route me to correct place.

I ran the Antivirus 2009 removal today, and got this MBAM log:

Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 5.1.2600 Service Pack 3

1/8/2009 4:38:04 PM
mbam-log-2009-01-08 (16-38-04).txt

Scan type: Quick Scan
Objects scanned: 92281
Time elapsed: 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\etc\services.1 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\services.2 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\services.3 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\services.4 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

My questions:

1. What is a "Reserved.Word.Exploit?"
2. What does "Rogue.WinAntivirus" signify?
3. What does a "Hijack.StartMenu" mean

IOW, can you point me to a place where these scan results are more fully described?

Thanks.