About roddy32
Posts: 46
Reputation: 0 Neutral
Birthday: 08/29/1949
Location: Kansas, USA
Interests: Nascar and Red Sox baseball
-
Mbam update on XP now won't start on 2 machines
roddy32 replied to banger's topic in Malwarebytes for Windows Support Forum
XPSP3 free version of MBAM and had the same problem. I uninstalled, rebooted, ran MBAB-clean.exe, rebooted again and did a clean install and it works fine now. Edit to add that I do not have ZoneAlarm or another third party firewall installed so in MY case there was no conflict with that. -
Looks great, reminds me of my old hooked on Pac Man days.
-
atapi.sys rootkit - can't start computer
roddy32 replied to whatmeworry?'s topic in Malwarebytes for Windows Support Forum
Well said and I would also like to thank the MBAM team. -
atapi.sys rootkit - can't start computer
roddy32 replied to whatmeworry?'s topic in Malwarebytes for Windows Support Forum
All fixed here also. Thanks for the quick response on this.
-
Updated and rescanned. It's all fixed, no malware found. Thanks for the quick response on this sUBs.
-
Thanks sUBs. I left it alone so I am having no problems. There is another thread about this with quite a few more people posting if you have not seen it yet. http://www.malwarebytes.org/forums/index.p...view=getnewpost
-
atapi.sys rootkit - can't start computer
roddy32 replied to whatmeworry?'s topic in Malwarebytes for Windows Support Forum
A couple more of us posted this same thing in the False Positives forum http://www.malwarebytes.org/forums/index.p...view=getnewpost I am not having any computer problems myself though because I took no action. I also posted a developer mode scan in the above thread. I believe it to be a false positive. -
Here are the Developer Mode scan results.

Malwarebytes' Anti-Malware 1.41
Database version: 3143
Windows 5.1.2600 Service Pack 2
11/10/2009 9:02:29 PM
mbam-log-2009-11-10 (21-02-15).txt

Scan type: Quick Scan
Objects scanned: 101274
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\atapi.sys (Rootkit) -> No action taken.
-
Just out of curiosity I just did a scan with TrojanHunter too which found nothing and also scanned the driver file with virus total. Results from Virus Total are below. 40 out of 41 found the file clean and the other was a heuristic result.

Antivirus           Version           Last Update   Result
a-squared           4.5.0.41          2009.11.11    -
AhnLab-V3           5.0.0.2           2009.11.06    -
AntiVir             7.9.1.61          2009.11.10    -
Antiy-AVL           2.0.3.7           2009.11.10    -
Authentium          5.2.0.5           2009.11.11    -
Avast               4.8.1351.0        2009.11.10    -
AVG                 8.5.0.423         2009.11.11    -
BitDefender         7.2               2009.11.11    -
CAT-QuickHeal       10.00             2009.11.10    -
ClamAV              0.94.1            2009.11.10    -
Comodo              2910              2009.11.10    -
DrWeb               5.0.0.12182       2009.11.10    -
eSafe               7.0.17.0          2009.11.10    -
eTrust-Vet          35.1.7113         2009.11.10    -
F-Prot              4.5.1.85          2009.11.10    -
F-Secure            9.0.15370.0       2009.11.09    -
Fortinet            3.120.0.0         2009.11.10    -
GData               19                2009.11.11    -
Ikarus              T3.1.1.74.0       2009.11.10    -
Jiangmin            11.0.800          2009.11.10    -
K7AntiVirus         7.10.893          2009.11.10    -
Kaspersky           7.0.0.125         2009.11.11    -
McAfee              5798              2009.11.10    -
McAfee+Artemis      5798              2009.11.10    -
McAfee-GW-Edition   6.8.5             2009.11.10    Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft           1.5202            2009.11.10    -
NOD32               4593              2009.11.10    -
Norman              6.03.02           2009.11.10    -
nProtect            2009.1.8.0        2009.11.10    -
Panda               10.0.2.2          2009.11.10    -
PCTools             7.0.3.5           2009.11.10    -
Prevx               3.0               2009.11.11    -
Rising              22.21.01.09       2009.11.10    -
Sophos              4.47.0            2009.11.11    -
Sunbelt             3.2.1858.2        2009.11.11    -
Symantec            1.4.4.12          2009.11.11    -
TheHacker           6.5.0.2.065       2009.11.11    -
TrendMicro          9.0.0.1003        2009.11.10    -
VBA32               3.12.10.11        2009.11.10    -
ViRobot             2009.11.10.2029   2009.11.10    -
VirusBuster         4.6.5.0           2009.11.10    -
-
I'm getting a similar result.

C:\WINDOWS\system32\drivers\atapi.sys (Rootkit) -> No action taken.

This file has been on the computer since 2003 without any recent modifications. Also registry keys that are related.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi (Rootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi (Rootkit) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi (Rootkit) -> No action taken.

I am about 99.9% sure these are false positives.
-
IOBit Steals Malwarebytes' Intellectual Property
roddy32 replied to RubbeR DuckY's topic in Malwarebytes News
They have been red all along with Site Advisor (at least since this started) for having downloads that are considered dangerous. Not sure how long it has been that way because I had never been to their website before yesterday. I added a bad review at Download.com also for bad ethics. -
IOBit Steals Malwarebytes' Intellectual Property
roddy32 replied to RubbeR DuckY's topic in Malwarebytes News
I posted this yesterday at LnR. http://www.lognrock.com/forum/index.php?showtopic=19159 Donna posted it also at CoU http://www.calendarofupdates.com/updates/i...c=24676&hl= And she also posted it at CNET in the news thread in the V&S forum http://forums.cnet.com/5208-6132_102-0.htm...6;forum-threads -
IOBit Steals Malwarebytes' Intellectual Property
roddy32 replied to RubbeR DuckY's topic in Malwarebytes News
I would think these people will think about what they have done with all the uproar but unfortunately it is too late already. I have NO idea how good or bad their programs are but that is unimportant now.
-
IOBit Steals Malwarebytes' Intellectual Property
roddy32 replied to RubbeR DuckY's topic in Malwarebytes News
I just heard back from Lee Koo at CNET. Coming from him the download.com people may get on this quickly. -
IOBit Steals Malwarebytes' Intellectual Property
roddy32 replied to RubbeR DuckY's topic in Malwarebytes News
I just e-mailed Lee Koo at CNET about this. He does not run download.com but he runs the forums and I am sure he will let whoever needs to know about this.