Root Admin RubbeR DuckY Posted August 2, 2007 ID:6982

Just a small update with minor improvements. Released it because of that memory leak. Also some settings were not working correctly.

Comments and suggestions open in this thread as always.

ipl_001 Posted August 2, 2007 ID:6991

Hi Marcin, Bruce, hi everyone,

> Just a small update with minor improvements. Released it because of that memory leak. Also some settings were not working correctly. Comments and suggestions open in this thread as always.

LOL

I don't know why you say they're just minor improvements, as the results are impressive!

My last tests were v0.62 / DBv109 / 5236 fingerprints. Quick scan gave a "rootkit"!

Thanks for the explanations regarding this "0-byte rootkit" which was a file added by MBAM and not deleted, for some reason!

By the way Bruce, I know how to run a Developer scan and I'll do this in case of another FP!

~~

Today,
- upgraded to v0.63 -> surprisingly, my v109/5236 database went back to v105/5218
  Latest News still blocked at v0.61
- update -> MBAMv0.63 DBv110/5272 fingerprints
- Quick Scan -> 4 minutes 56 seconds for 10,092 objects -> fine!
- Full Scan -> 47 minutes 7 seconds for 70,584 objects -> 13 infected files!

i.e. big improvements for my personal case!

My previous infectious files were caught by MBAM except that in the meanwhile, I had added another one!

Here's my log:

Malwarebytes' Anti-Malware Version 0.63
This logfile was saved before the removal process.
Database version: 110

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\G

Root Admin RubbeR DuckY Posted August 2, 2007 ID:6992

G

ipl_001 Posted August 2, 2007 ID:7000

Marcin,
Malwarebytes

joe53 Posted August 3, 2007 ID:7013

False positive detection of atl71.dll (ATL Module for Windows (Unicode))?

Malwarebytes' Anti-Malware Version 0.63
This logfile was saved before the removal process.
Database version: 112

Files Infected:
C:\WINDOWS\system32\atl71.dll (Adware.Accoona)

virusscanjotti is 100% clean:
atl71.dll MD5: 8f2097e8b174f38178570c611464935f

lurkingatu2 Posted August 3, 2007 ID:7014

mbam 0.63 database:112 fingerprints:5314

did a quick scan and mbam 0.63 found this

Malwarebytes' Anti-Malware Version 0.63
This logfile was saved before the removal process.
Database version: 112

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\atl71.dll (Adware.Accoona) -> No action taken.

and also during the scan comodo firewall 2.4 went off and says this

Date/Time :2007-08-02 17:49:53
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (sched.exe)
Application: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::18350
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\AntiVir PersonalEdition Classic\sched.exe in memory.

Date/Time :2007-08-02 17:49:07
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (MSNAccel.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Parent: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Protocol: TCP Out
Destination: 65.54.154.20::32769
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe in memory.

Date/Time :2007-08-02 17:49:05
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (MSNAccel.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Parent: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Protocol: UDP Out
Destination: 65.54.154.20::33607
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe in memory.

Date/Time :2007-08-02 17:48:45

then I opened iexplorer to come here and comodo goes off again and says

Date/Time :2007-08-02 17:55:09
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (MSNAccel.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Parent: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Protocol: TCP Out
Destination: 127.0.0.1::2983
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe in memory.

Date/Time :2007-08-02 17:55:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 127.0.0.1::9022
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

Date/Time :2007-08-02 17:53:45

after I used ccleaner comodo stopped the popups

nosirrah Posted August 3, 2007 ID:7015

> virusscanjotti is 100% clean:
> atl71.dll MD5: 8f2097e8b174f38178570c611464935f

Will be removed in next update.

nosirrah Posted August 3, 2007 ID:7016

Removed as of now.

Root Admin RubbeR DuckY Posted August 3, 2007 ID:7017

No clue why Comodo is complaining. All I do is query information, not modify.