WaxusDeWeeval

I read the false path detection comment & thought that fhis might be in that realm, but I am not certain. After recent updates of Malwarebytes & subsequent scans I twice started to experience some bugs with my ATI multimedia video recording program. Malwarebytes said it should remove some pups, but I question if they ever existed. I ran cCleaner registry & it later showed a missing app in the ATI Multimedia folder & therefore an invalid path to "yourapp.exe". I have been using these programs for years (ATI Version: 7.9). I don't remember ever seeing a file by that name, but I think that possibly this mysterious empty path might have shown up after both scans that left my ATI program in buggy condition. The only way to repair ATI Multi' is to do a complete de-installation of ATI Multimedia, & of course re-installation which I suppose means that some file (but not "yourapp.exe) was removed. Mind you, this is total theory. I also scan with Avast antivirus but I can find nothing in regard to this detection in either log or quarantine of both programs. I hope that I'm not simply clogging up your blog with useless information, but in spite of evidence to back up this idea, a bell went off after reading about your false paths problem which seemed to explain some of these recent annoying problems which I have been dealing with. As usual, thanks for the space to communicate.

Hi, This is an old item but I wanted to acknowledge your reply and tell you where I finally went with this topic. The computer which would not accept the update to the most recent format of Malwarebytes apparently contained a non-updated operating system (not Sp3.) I am now suspecting that this may be the reason for the failure of this system to work with the more recent versions of Malwarebytes. Of course confirmation of that may remain a detail that only the Malwarebytes experts should say. This is an assumption on my part, and I could be wrong. As I did not want this computer to be without similar software the user installed "Spyware Terminator" which doesn't have a compatibility problem with older versions of Windows XP. I have noticed over the past year that many other types of software have suddenly become incompatible with XP systems that were not updated to Sp3. Perhaps that is the way that things are going? Anyway, thanks for your reply. and good luck.

Appreciate your help. If I understand what is happening here, there is an issue with the installar or some other undetermined detail. I will follow if you continue to update this to see an outcome. On that one particular computer there has been no malwarebytes working installation since the last major change to the program. On the other computers, all is well now, and the program changes seem rather impressive to me. What a beautiful piece of programming work. Thank You. Best of luck.

Hello, Downloaded from your link... Error message again: "Runtime Error (at -1:0): Cannot Import dll:C\USER\is-AMOME.tmp\mbam.dll" But perhaps there is a culpable reason. I discovered that one of the systems which I was working on was not Home XP Sp3 but XP Pro and not.... Sp3. It is Sp1. Hmmm. Is that why I can't get this to work properly? Sorry for the misinformation regarding the one system. T-Y

This is the eroor message which I was receiving... "Runtime Error (at -1:0): Cannot Import dll\USER\is-F8R8K.tmp\mbam.dll" -=-=-=-= "USER" being my user name. Like a dummy I tried installing the version I had downloaded before you made your 'fix' and guess what message I received. Duh! I'll be back to let you know what happened after I downloaded your update. Thank you.

I have encountered this problem on my own computer as well as the computer of a friend. After downloading the recent malwarebytes internal update towards version 1.45, we both recieved the error message that malwarebytes setup was unable to import the mbam.dll. (This message referring to part of the process of update installation which takes place after that download.) I am not certain if the software was referring to the mbam.dll that the original installation directory contains, but it certainly was there to be imported. Niether of us users have malwarebytes installed in a default directory (I.E. "Programs"). We both have Xp Home Sp3 with Comodo (CIS) and Avast anti-virus. I do not believe that any of these items appeared to be interferring with the uodate process in any visiable manner. I attempted the update 2 times. I am thinking to go back, download the complete new program separately, and start from there. Unfortunately, I have this premonition that perhaps... the same thing will happen again. What gives? What should we do? Thanks. Great software! In spite of this temporary glitch.

My computer was recently hit by some type of trojan madness. Malwarebytes was the program that detected and... as far as I know, removed the various precenses created by this trojan. During the final stages of removal an update came to Malwarebytes which seems to have installed the file "is-FN7AF.exe". Just to double-check, as this file seems to have been installed in my WIndows folder... Is this really a part of the latest version of Malwarebytes? Thank you for your time. Dan

Hello again. This is an update regarding this report. I think that it was 2 days later that a download to my new installation of Malwarebytes 1.35 allowed me to detect and remove the following (I am copying part of the Malwarebytes log to this report): =-=-=-=-= Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Delete on reboot. HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Delete on reboot. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\MSWINSCK.OCX (Trojan.BHO) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\MSWINSCK.OCX (Trojan.BHO) -> Delete on reboot. -=-=-=-=-=-=-= I do not know, but perhaps there might be some relationship to the disappearance of my original installation of Malwarebytes operating files and the trojan which Malwarebytes 1.35 detected at a later date. I have not experienced any further problems. Thanks again for everything.

Hi, I thought that I should let you know. I updated like everyone else to the latest version. And I had been having some updating problems of late (In as much as no update would take place.) When this happens with any of my malware detection programs or anti-virus software I tend to go to my alert mode. Today it appears that perhaps my apprehension was justified. I noticed that the icon for Malwarebytes was not normal in my Startup Menu. I looked to the Malwarebytes installation folder (I use an alternate location) and found that mbam.exe was no where to be found. mdor existed as well as a few dll files and the uninstall file. I reinstalled Malwarebytes from scratch and it seems to be OK. (I guess that remains to be seen.) But where did it go? It is, after all, almost April 1, the notoroius day of 'pranking'. My system is Windows XP Pro Sp2 (where I stopped because I hate some of the copy 'protection' added along with Sp3.) I have Directx10. My browser usually is Firefox. I also have Home XP Pro 2 installed on the same computer. Everything runs quite well and it's a clean machine. Avast4 and Comodo Internet Security Suite Personal (Now that could be a little conflict of interest to work out) are also in play. My only recent detections have been false ones (Comodo detecting Avast4 update temps) and 2 cookies detected as trojans by Malwarebytes most recent version update, which were removed. I hope that this is nothing serious. Thanks for your attention.

I am a part-time packrat, there can be good reasons to hold onto older versions. The version was actually the current version 2.41 on the website. I can only say that if that or some of the files available to download of that version did contain trojan vundo... The 2 which I downloaded a few days later did not. But as I said before this detection I had mentioned in a Majorgeeks forum, that Malwarebytes had detected trojan vundo in Mp3tag (2.41). So there is the possibility that the file was replaced in the interim with a clean one, or that an update in Malwarebytes in the interim was not equally detecting (?) the trojan vundo.

Darn... I have not been able to find one of the original Mp3tag files which malwarebytes identified as positive for trojan vundo. I did return to Majorgeeks.com to download the file version which is now available at their website. It currently does not test positive (as it did previously) in Malwarebytes for trojan vundo. And of course Malwarebytes has also been updated several times since my detections had been made. So of course one would have to consider this incident 'inconclusive'. Apparently other 'positive' findings for vundo (as well as other objects) on my computer by AVG were false alarma related to Spywareblaster entries in the Windows regsitry. You probably were already aware of this, but I thought I would peg it into this reply so that anyone following this thread might realise that what we have been discussing appears to have been limited to an alarm on Mp3tag. That alarm later was not confirmed. And as I said before, that finding for me has been relegated to the inconclusive bin. I myself was becoming suspicious to this as Spywareblaster appeared to lose some of it's protections after AVG removed some registry settings. Resetting Spywareblaster led to new detections by AVG anitvirus v8. Lesson learned? Next time instead of scrambling to erase all evidence... Hang onto just one copy to send to the chief. Thanks for your time. Until next time. B) Dan

Hi, I am going to have to get back to you on this. The reason is that I have already deleted any downloaded copies of Mp3tag which had tested positive for vundo which had existed on my current hard drives. I am thinking that I have another copy elsewhere, and of course, assuming that the most reason copy at majorgeeks.com has not been replaced (I reported my findings to them prior to my report to you) I could download the file again. I am not looking forward to that. By the way, you did find the correct file that I was telling you about. Now that I think of it I realise that I should have attempted to upload my 'contaminated' copy to you, supposing that this is not a false positive. One more thing. We all know that computers and other software have been known to go 'crazy' after Microsoft updates. My computer had recently been updated to Sp3 Home XP. I haven't noticed anything to indicate that this update has 'scrammed' my sytem in any way, but it is probably a good thing to alert you to these details. One other thing (This time, for sure!) my most recent updates of AVG free antivirus version 8 did identify vundo along with some other simular trojans and adware, mostly in directories of Internet Explorer related to scripted (activex) software. It successfully removed these items as well. Back with more hopefully tomorrow. Thank You for the great support. Dan

Hi, I have recently been going through a depressing experience in which recently downloaded versions of mp3tag have been associated with the trojan vundo by Malwarebytes. I have never had this problem before. I downloaded the files from majorgeeks.com over the past several weeks again, after Malwarebytes had identified a connection with recent installations of mp3tag & vundo on 3 of my computers. Being careful, I deleted the directories in which this software had been installed. This was followed by a new cycle in which my computer began to prompt me to update my registry with 2 endlessly cycling settings: 1) regedit.exe %1 changed to regedit.exe %1* (and back again ad-nauseum) 2) Name (Company Name) %1 /S to %1* for .scr (and back again ... ad-nauseum ) This is not the kind of 'Neverending Story' that I like to be part of. In addition to this, the newly downloaded mp3tag files from majorgeeks.com were testing positive for trojan vundo immediately after being downloaded and before they were opened... by Malwarebytes. Both avg antivirus as well as bitdefender do not detect the trojan vundo in this circumstance, but because of the behavior of my computer I have no doubts that the Malwarebytes detection was not a false positive. If you have any thoughts regarding this ( and enough expertise to offer genuine insight and direction in dealing with it, I would appreciate your feedback. ) Is there a good way to deal with cycling registry change requests... other than formatting your hard drive and starting a completely new installation of XP? Others seem to have a feeling of disbelief that this vundo might have come with my mp3tag software, but when you get a positive detection on freshly downloaded files (and not on the older version you already have had of a program) what can your conclusion be?