n man

  1. I don't have all these scanners installed. I periodically use the different on-line scanners for system checks. My security software is CA ISS. Anyway, I believe my issue was the result of upgrading to CA ISS 2009 without manual removal of CA ISS 2008 (although it should update without issue).

     Computer 1:
     1. I disconnected computer from the network.
     2. I rolled back the system with system restore (back to ISS 2008, prior to ISS 2009 install)
     3. Malwarebytes check did not find any issues.
     4. I installed the ISS 2009
     5. Malwarebytes check found 76 issues.
     6. I rolled back the system with system restore (back to ISS 2008)
     6. Manually (via control panel) Uninstalled ISS 2008
     7. Installed ISS 2009
     8. Malwarebytes check did not find any issues.
     9. Reconnected to network
     10. Updated Malwarebytes
     11. Malwarebytes check did not find any issues.

     Computer 2:
     0. Upgraded to CA ISS 2009 and Malwarebytes found 76 issues.
     1. I disconnected computer from the network
     2. did not roll back system
     3. Manually removed CA ISS 2009 (via control panel)
     4. Malwarebytes check did not find any issues
     5. Installed CA ISS 2009
     6. Malwarebytes check did not find any issues
     7. Reconnected to network
     8. Updated Malwarebytes
     9. Malwarebytes check did not find any issues.

     The issue of just installing CSS 2009 without removing CSS 2008 caused Malwarebytes to identify 76 errors on three different computers (on two different networks). Removing CSS 2008 (or CSS 2009) and then installing CSS 2009 seems to have resolved the issue on 3 different computers (XP pro and XP home with varying software installs). Still rooting around but the issue seems to be resolved.

     Cheers!
  2. Hi,

     Malwarebytes reports the below 76 infections. I selected to clean (removed selected) the infections and it required rebooting. After rebooting, the 76 infections reappear.

     Norton reports no infections. Computer Associates reports no infections. McAfee reports no infections. Trendmicro reports no infections. Kaspersky reports no infections. Windows Defender reports no infections.

     If the computer is rebooted in "Safe Mode" Malwarebytes reports no infections.

     I am trying to understand if these infections are true infections. If in fact they are infections, how do I remove them? Thank you in advance.

     Here is the Malwarebytes listing:

     Malwarebytes' Anti-Malware 1.36
     Database version: 1983
     Windows 5.1.2600 Service Pack 3

     4/14/2009 8:45:26 PM
     mbam-log-2009-04-14 (20-45-20).txt

     Scan type: Quick Scan
     Objects scanned: 95190
     Time elapsed: 8 minute(s), 37 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 76

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\config\AppEvent.Evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\config\Internet.evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\config\ODiag.evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\config\OSession.evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\config\SecEvent.Evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\config\SysEvent.Evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\config\TuneUp.evt (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\Config\sam10.log (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\RealtekAC.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\msch24.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\firewall.exe (Backdoor.Bot) -> No action taken.
     C:\WINDOWS\system32\Config\updater.exe (Backdoor.Bot) -> No action taken.
     C:\WINDOWS\system32\Config\mswinsck.ocx (Backdoor.Bot) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\application data\mcrupdate.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\application data\pcant.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\application data\printer.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\cftmon.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\ftpdll.dll (Trojan.Agent) -> No action taken.
     C:\WINDOWS\repair\kasutio (Rootkit.Rustok) -> No action taken.
     C:\WINDOWS\system32\Config\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\svchost*.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\SystemProfile\Application Data\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
     C:\WINDOWS\system32\Config\systemprofile\Start Menu\Programs\Startup\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.