Undread

  1. I just had Malwarebytes crash (stop responding) in Windows 7 with mbamnet.dll being the faulting module as well. This happened when updating the virus database. Second time around when trying to update, everything was fine. Odd. Here is the Windows log entry:

     Faulting application name: mbam.exe, version: 1.51.1.1076, time stamp: 0x4e0a6f10
     Faulting module name: mbamnet.DLL, version: 1.51.1.6, time stamp: 0x4e0f0e56
     Exception code: 0xc0000005
     Fault offset: 0x00047564
     Faulting process id: 0x1fc0
     Faulting application start time: 0x01cc5f1f3df41d22
     Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
     Faulting module path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.DLL
     Report Id: 7eed23d0-cb12-11e0-abb3-001fbc0969d5
  2. Here are some MS articles on the service:

     http://technet.microsoft.com/en-us/library/cc757805.aspx
     http://technet.microsoft.com/en-us/community/cc512740.aspx

     I've exported the key, minus this subkey (just because I wasn't sure I should be posting this portion of it):

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Security]
     "Security"= Hex Here

     Here is the rest of the key:

     Windows Registry Editor Version 5.00

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4]
     "Type"=dword:00000020
     "Start"=dword:00000002
     "ErrorControl"=dword:00000001
     "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
       74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
       00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
       6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
     "DisplayName"="IPv6 Helper Service"
     "DependOnService"=hex(7):52,00,70,00,63,00,53,00,53,00,00,00,74,00,63,00,70,00,\
       69,00,70,00,36,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,00,\
       00
     "DependOnGroup"=hex(7):00,00
     "ObjectName"="LocalSystem"
     "Description"="Provides DDNS name registration and automatic IPv6 connectivity over an IPv4 network. If this service is stopped, other computers may not be able to reach it by name and the machine will only have IPv6 connectivity if it is connected to a native IPv6 network. If this service is disabled, any other services that explicitly depend on this service will fail to start."

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Config]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Interfaces]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Parameters]
     "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
       00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
       36,00,74,00,6f,00,34,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Enum]
     "0"="Root\\LEGACY_6TO4\\0000"
     "Count"=dword:00000001
     "NextInstance"=dword:00000001

     As I said before, the dll name loaded for this service is 6to4svc.dll (as you can see in the registry, once you decode the hex). If you look up the dll it is regarded as safe (and signed by MS). All the links I clicked through that regarded this service as an infection were loading a differently named DLL. Let me know if you want any more info.
  3. I just encountered what I am 100% sure is a false positive. MBAM detected the whole HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 tree to be a trojan. I realize that there are some Trojans that hijack this key, but it is a valid service most of the time. It is a MS service called IPv6 Helper Service, which uses a MS signed dll, 6to4svc.dll, in System32. It is used for IPv6 connectivity on an IPv4 network; both of my work machines have this service installed and running. Here is the log, don't mind the other three hits. I changed those flags myself.

     Malwarebytes' Anti-Malware 1.36
     Database version: 2026
     Windows 5.1.2600 Service Pack 2

     4/22/2009 1:37:19 PM
     mbam-log-2009-04-22 (13-37-18).txt

     Scan type: Quick Scan
     Objects scanned: 79269
     Time elapsed: 5 minute(s), 20 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 3
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken. [385753513430414438586445483634456446343641424738615258525338466136868383707985368079858380775270856152708387746870846123858021]

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688380848071856152706886837485900136707985708393347985745574838684377484666777704780857471903018130117]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [51384945343638304144385864454836344564463436414247386152483953563451386146746883808480718561527068868374859001367079857083933974837088667777377484666777704780857471903018130117]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [513849453436383041443858644548363445644634364142473861524839535634513861467468838084807185615270688683748590013670798570839354816966857084377484666777704780857471903018130117]

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)