
JohnnySokko

  1. gonzo, Thanks. I looked at the scan log again (relevant part pasted below), and assuming the MD5 hash that you referred to is this 32-digit number 42d1b4986f1bdf573c6e991208fbd828, then yes, I see that three of the four files all share the same MD5 hash. However, even though the MD5 may be the same, the file names are different. The first is mf.dll, the second is 8afc49b02429a, and the third is ugcqysiaeo.tmp. So are these, then, all different or not? Having said that, I just noticed that this number 9A88E103-A20A-4EA5-8636-C73B709A5BF8 (whatever this number is called) is the same for all four of them, so now I'm confused. Sorry.

     Folders: 1
     Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Delete-on-Reboot, [42d1b4986f1bdf573c6e991208fbd828],

     Files: 3
     Trojan.FakeMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\mf.dll, Delete-on-Reboot, [4ec5fa52b4d6b97d32ec83aeb64c11ef],
     Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, Delete-on-Reboot, [42d1b4986f1bdf573c6e991208fbd828],
     Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ugcqysiaeo.tmp, Delete-on-Reboot, [42d1b4986f1bdf573c6e991208fbd828],

     Most important, I'm still wondering why the scan results are not consistent with the quarantine list. That is, why are four threats listed as being detected in the scan log but only two of them appear listed in quarantine? What happened to the other two? If you could explain it a little better, I would really appreciate it. So are they actually in quarantine now — or were they deleted and removed from the system when the computer was rebooted?
  2. Ugh, most of my images were cut off. I'm going to try uploading the one showing delete on reboot again. Hope it works this time.
  3. Hello. I visited a website the other day and knew right away that I picked up an infection. I scanned with Malwarebytes, and after the scan was finished, it reported that 4 infected items were found. (See attached screenshot. A text file of the scan log is also attached.) I selected the option to quarantine the threats, then I rebooted my computer. All is now well. Today, however, out of curiosity I looked at the quarantine and noticed that only 2 of the 4 items are shown there. (See attached screenshot.) My question is . . . Why doesn't the number of threats that were found (i.e., four) match the number of items shown in quarantine (i.e., two)? Where are the other two items? And a separate-but-related question . . . Although quarantine was chosen as the action that I wanted applied to the threats, I noticed the scan log lists the action taken as delete on reboot. (See attached screenshot.) My understanding regarding quarantine is that when a file is quarantined, the file is not actually deleted. Instead, the file is just isolated from the rest of the system so that it can no longer pose any danger. If that's the case, why does the scan list delete on reboot as the applied action even though I chose to quarantine them? I don't follow. Sorry. MBAM scan log showing the four threats that were found.txt
  4. Thanks for the confirmation. I appreciate it. Also, great job in being one of the first vendors to detect it. If possible, I would like to ask a follow-up question . . . After reading your confirmation, I decided to go ahead and run another MBAM scan so I could quarantine the file this time around. Before doing so, however, I decided to run a scan with HitmanPro. Yesterday, HitmanPro was not detecting the file, so my curiosity got the best of me. I just couldn't resist seeing whether or not it would do so today. It did, or at least the Kaspersky-half of it did (Bitdefender still is not detecting it). Anyway, after it made the detection, a report of the file was made available, providing many additional details. That's what I would like to ask about. Specifically, the report indicates that several other files are associated with the infection, in what HitmanPro refers to as a "forensic cluster." A copy of the full report is attached, but in brief, the report lists the primary detection (i.e., 9EA5.tmp) along with the associated files as follows:

     C:\Users\DannyLion\AppData\Local\Temp\Low\9EA5.tmp
     C:\Users\DannyLion\AppData\Roaming\Microsoft\Windows\Cookies\Low\2NH2HU5K.txt
     C:\Users\DannyLion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARJKQDTC\favicon[5].ico
     C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf

     What I would like to know is this: If I use MBAM to clean this infection, will MBAM also remove these additional files that are associated with the infection as well? Thank you.

     HitmanPro - detection of 9EA5.tmp.log
  5. MBAM is detecting a file on my computer as malicious, classifying it as a Trojan.Agent.VT. The name of the file is 9EA5.tmp and the file path is: C:\Users\DannyLion\AppData\Local\Temp\Low\9EA5.tmp I uploaded it to VirusTotal a couple of hours ago. The detection ratio was 13/57. (See here: http://bit.ly/1DUQnUd.) With MBAM's positive detection being the exception, most of the vendors that I trust are currently detecting it as safe, so I am hoping that someone can look at the file and verify whether or not it is indeed malicious. Thanks! MBAM scan log - file 9EA5.tmp being detected as Trojan.Agent.VT.txt 9EA5.zip
  6. Hello. Under Settings, there is a Detection and Protection sub-tab. Clicking it displays several different options that can be turned off or on, one of them being an option to scan for rootkits. I have the option to scan for rootkits turned on (see attached screenshot). However, every time that I go to perform a scan (specifically, custom scans—where options can be chosen), if I wish for MBAM to scan for rootkits, I still have to place a check mark in the Scan for Rootkits box located under Custom Scanning Options (see attached screenshot), even though the option to scan for rootkits is already enabled in the Detection settings. I'm not sure if this is an oversight in the workings of the program or if it's a matter of me not understanding something, but what I would like to know is this: What is the point of having the option enabled in the Detection settings—if it still needs to be enabled again in a different place every time that a scan is performed? Am I missing something? Thanks!
  7. Thanks, David. I appreciate the reassurance. I trust what you and shadowwar have said on the matter. That aside, ugh, I hate to ask another question, but I would really like to know something. Is there any way for me to track down and find out where these came from? I'm using a new computer and would love to know where I might have screwed up at by going to or doing something that caused this. If there is something, perhaps some sort of tutorial, that would help with what I would like to find out, that you are aware of, please point me in its direction. Thanks!
  8. Thanks for the reply. Are you saying you can tell that it's a positive detection simply by looking at its location? Doesn't it actually need to be analyzed or something to know for sure one way or the other? Thanks for pointing that out. That's new. A couple of days ago, there were only about six positive detections.
  9. Hello. A couple of days ago, Malwarebytes detected jnh.dll and pqaob.dll on my computer, describing them both as Trojan.Agent.ED. I scanned both files at VirusTotal, and Malwarebytes was in the minority of vendors classifying the files as malicious. If I recall correctly, I believe only 6/56 vendors detected them as malicious, one of them being Malwarebytes. My antivirus was not one of them. Because of the small number of positive detections at VirusTotal, non-recognition by my antivirus, and because I have not noticed any strange behavior on my computer, I believe these may be false positives. The scan log from Malwarebytes showing detection of the two files is attached, as well as the files themselves. Please let me know what the determination is. Thank you. Malwarebytes scan log - possible false positives.txt jnh.zip pqaob.zip
  10. daledoc1, Thanks for your reply. I'm going out in a few minutes, but when I return, I'll go ahead and try your advice. In the meantime, if you could answer these three questions, I would really appreciate it.

      1.) I have a pro version of a clean uninstaller that monitors programs as they are installed. Supposedly, being that it actively monitors the entire installation process, if a program should ever need to be uninstalled, this uninstaller is supposed to be capable of removing virtually every trace of it. Can I use this? My thought is that it would be just as good (or possibly even better) than the MBAM removal tool? What do you think?

      2.) You said, "Please let us know how it goes." Sure, but the problem with that is, prior to attempting to upgrade my current version of Malwarebytes to the newest version, my current version has been working perfectly fine all along. Not a single glitch—until a new version was released and the update process revealed one. So, what I'm getting at is, after I do an uninstall/reinstall, how will I actually know whether or not everything is actually fine? It will probably be several months (or longer) before a new version is released again, so after I do the whole uninstall/reinstall thing, the new version may appear to be working perfectly fine as well—until another upgrade is released, revealing the same glitch. Right? Is there any way to run any sort of diagnostics on the installed version?

      3.) In my initial post, I asked if any sort of error logs are stored by Malwarebytes, but you never addressed that, so I have no idea whether it stores any or not, but if it does, before I go ahead and uninstall it, are there any such error logs that I should pull from the program and save for you? Thanks.
  11. Hello. I have the free version of Malwarebytes installed. The version number is 2.0.3.1025. About a week or so ago, I opened the program to do a routine periodic scan and received a message that a new version was available, and I was then asked if I wanted to upgrade to the new version now or later. I went ahead and clicked the button to upgrade now, but as soon as I did, the program simply closed. I have tried several times since then to perform the update but without any success. Every time that I try, the same thing happens, i.e., Malwarebytes just closes up and goes away. No error messages or anything. I thought about just doing a clean uninstall/reinstall, but before doing so, I thought I should report the issue first. Also, I have a few questions that I would like to ask:

      1.) Is this a known issue? If yes, what's the cause, and is there a simple fix?

      2.) I know that MBAM stores logs of any scans performed, but what about error logs? That is, does MBAM maintain any sort of error logs which might possibly show the reason for the issue that I'm experiencing?

      3.) Should I just go ahead and proceed with doing a clean uninstall/reinstall, hoping that everything will be fine after that? Or instead, is something else recommended? If yes, what? Thanks!
  12. Hello. Mods/administrators: I wasn't sure exactly where to post this, so please feel free to move this to a more appropriate forum if necessary. My issue: I'm having trouble updating my free version of Malwarebytes (an issue that I will soon be creating a separate post for, as I figured it's probably best not to combine two different issues in one post). After I tried unsuccessfully to troubleshoot the problem myself, I decided to come here for help, so I typed "Malwarebytes Forum" into Google, which then brought up your website. However, as soon as I clicked the link for your site, my web browser warned me that a problem exists with your site's security certificate and advised me not to proceed. (A screenshot is attached showing the error message that I received.) Suspecting that the warning was simply a false positive of some sort, I proceeded anyway — so here I am. However, now that I'm actually here, I see that the address bar on Internet Explorer is also showing a certificate error associated with your site. (A screenshot of this is attached as well.) I spend a lot of time on the Internet, visiting scores of different sites, and I rarely come across this type of warning, so I know that my browser does not have a habit of throwing up warnings like this regularly. I'm very surprised to see such an issue with your website. What's going on? Thank you. MBAM website warning.bmp Malwarebytes Certificate Error.bmp
  13. Hello, I thought I would bring this matter to the attention of the forum: I recently downloaded and installed Comodo System Utilities, and as soon as I used it, I noticed that the program lists the malware status of Malwarebytes services as unknown, which makes it look as though there is something wrong with Malwarebytes. I have no concerns about Malwarebytes, so there is no need to reassure me that the program is okay. I'm only writing so that the appropriate people can be made aware of the issue and get it straightened out with Comodo. I have already made a post on the Comodo forum about this issue, and this is what I wrote:

      Hello, I just downloaded the Comodo System Utilities program, and after playing around with it for a few moments, I am now completely turned off by Comodo and will never use any Comodo products ever again. When I run the Autorun Manager module of the program, under Services, it says that the malware status of Malwarebytes and SUPERAntiSpyware is unknown! It's so obvious what Comodo is attempting to do. Come on! Out of the dozens of services that I have running, the only two that the program is calling into question are the services of two of Comodo's competitors?! That's one of the cheapest tactics that I've ever seen. Comodo knows full well that there's nothing wrong with either of those two programs, so Comodo System Utilities should be showing them in green (clean), not as unknowns. It's nothing but an attempt by Comodo to make people doubt the products of their competitors, and it's pathetic.

      A Comodo forum moderator then replied with the following:

      This has nothing to do with the fact that they are competitors. All it means is that Malwarebytes and SuperAntiSpyware have updated since the last time they were whitelisted by hash. I'm sure they are trusted through the trusted files list in Comodo Internet Security. Thus, if you ran Comodo Internet Security they would be trusted anyway. If you would like them to be trusted by hash, which is what CSU does, you should submit them in this topic. Thank you.

      And I responded to his reply with this:

      Thanks for dropping in and addressing this issue. It's always nice to see a concern addressed by a moderator. That being said, I do have some issues with your response, though.

      "This has nothing to do with the fact that they are competitors. All it means is that Malwarebytes and SUPERAntiSpyware have updated since the last time they were whitelisted by hash."

      I have no idea how Comodo goes about creating their whitelists, and I have no idea what you meant by saying, "by hash," but regardless, Malwarebytes and SUPERAntiSpyware are two extremely popular programs, especially Malwarebytes. Malwarebytes has millions of users, and it's unfathomable to me that the developers in charge of Comodo System Utilities would not be able to keep the whitelist current for such an extremely popular program. I have scores of services running on my computer, many of them very obscure, yet Comodo System Utilities is able to list them all as being clean, but strangely, it plays completely dumb when it comes to a very well respected program that's used by millions (i.e., Malwarebytes). If the developers have the data to list all of my obscure services as clean, then they certainly should have the data for one of the most popular programs around. So, no disrespect to you personally, but your explanation offered in defense of Comodo simply doesn't make any sense to me. It's a very weak excuse. And furthermore, it gets worse: In my earlier post I reported that when I run the Autorun Manager module of the program, under Services, it says that the malware status of Malwarebytes and SUPERAntiSpyware is unknown, but I just played around with the program some more, and this time, I discovered that when I run the Autorun Manager, under Startup, it's actually showing SUPERAntiSpyware as being infected! This is totally unacceptable. I don't know if there's any truth to the suspicions that I have about Comodo doing this on purpose to make people have doubts about some of their competitor's products, but if that isn't true, then the only other explanation is that the developers are asleep at the wheel. Either way, the situation isn't good, and it makes Comodo look very bad.

      "If you would like them to be trusted by hash, which is what CSU does, you should submit them in this topic."

      Hmm, I'm not really sure why that would be my job to do so. The Comodo developers get paid to make sure the programs work right, do they not? They should already be on this, not me.