dvk01

Experts
  • Content count

    286

About dvk01

  • Rank
    True Member

  1. https://www.virustotal.com/en/url/73863327e32129ce27ba3c6b72a2c194aa08a23c6cc6bb0eea2e845846ea85ae/analysis/1390938554/
  2. spam check test
     This post is just to find out how long it takes for the spambots to pick up and start to use a brand new email address that has never been used before, and how much spam & malware can be got from it.
     mbam_spam@dvk01.com
     These tests and the malware and phishing emails obtained from this experiment will help protect lots of users because we get early copies of email based malware and phishing
  3. 2013/12/18 09:18:09 GMT DEREK-PC derek IP-BLOCK 54.230.10.190 (Type: outgoing, Port: 55550, Process: iexplore.exe)
     2013/12/18 09:18:09 GMT DEREK-PC derek IP-BLOCK 54.230.10.190 (Type: outgoing, Port: 55549, Process: iexplore.exe)
     This is an Amazon AWS IP. I was looking at this page when it blocked: http://www.pcworld.com/article/2057222/8-1-features-microsoft-removed-from-windows-8-1.html so I assume it is an advert somewhere.
  4. Files Infected: c:\documents and settings\all users\application data\network associates\BOPDATA\_date-20110214_time-110858109_enterceptexceptions.dat (Trojan.Goldun) -> Quarantined and deleted successfully. http://forums.techguy.org/virus-other-malware-removal/980776-unable-remove-trojan-goldun.html#post7813003
  5. Hi Bruce also seen this one just now http://forums.techguy.org/general-security/932326-what.html
  6. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4136
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     5/24/2010 3:20:27 PM
     mbam-log-2010-05-24 (15-20-27).txt
     Scan type: Quick scan
     Objects scanned: 153332
     Time elapsed: 3 minute(s), 40 second(s)
     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\ Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
     Registry Data Items Infected:
     HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. [35FF61C37574A0915CF467CFD321FF14]
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken. [08A2BA14DCD902ECF56B2250EFDD61DE]
  7. I will certainly ask them to
  8. Looks like a fp to me here http://forums.techguy.org/windows-7/924865...tml#post7403754
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4136
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     5/24/2010 2:43:16 AM
     mbam-log-2010-05-24 (02-43-16).txt
     Scan type: Quick scan
     Objects scanned: 152971
     Time elapsed: 5 minute(s), 32 second(s)
     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken.
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\ Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken.
     Registry Data Items Infected:
     HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Program Files (x86)\CaptureText.com\Capture Text\CaptureText.exe (Trojan.Downloader) -> No action taken.
  9. Thanks Bruce
  10. Why are we still detecting the uninstallers?
      H:\Program Files\Waves\DIAMOND UNINSTALL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
      This is extremely dangerous & does no favours to MBAM when a user wants to uninstall a product & they can't. http://forums.techguy.org/malware-removal-...tml#post7188861
  11. You cannot rely on morphine packer for detecting malware. Too many legitimate files & programs are morphine packed, especially in music industry. http://forums.techguy.org/malware-removal-...tml#post7175721
  12. Of course there will be, or should be, a UAC prompt when ANY limited user attempts to run a script that will clean up protected folders. In X64 W7, all program files/program data and system32, as well as X86 versions of those folders, should ALWAYS alert with a UAC prompt when any program attempts to alter anything in there. That has been one of the biggest criticisms of W7, that it doesn't always alert when a program tries to do it. It isn't the certificate in question here but the clean up script being set to run at start up or reboot that triggers a UAC prompt. Removing the start up entry by using the reg file from http://www.malwarebytes.org/forums/index.php?showtopic=29158 should stop it happening, until next time MBAM is run & finds something to fix.
  13. Ignore please, I see it was sorted out here: http://www.malwarebytes.org/forums/index.php?showtopic=26896 User hadn't updated MBAM to latest definitions file.