Malwarebytes Confers Mal-free Status to my PC! Me not so sure

4 replies to this topic

#1 MadnessMethod

MadnessMethod

    New Member

  • Members
  • 2 posts

Posted 20 July 2013 - 08:40 AM

My PC running Windows XP/SvcPak3 has been acting very strange for several days now. I attributed it to adding a lot of new programs, deleting a lot of old programs, trying to add new hardware devices, etc. But what really took the cake was: after booting up and coming into Windows, any Window--no matter which program--with a vert or horiz scrollbar would start going crazy! Even the little slider bars would bounce around. Back and forth, up and down! I thought, I have used Malwarebytes for free with success often enough, that it is worth paying for. As I tried to make the purchase online, the Language dropdown was spinning so wildly up and down that I had the darndest time picking English!!!

Anyway, Malwarebytes software does not find anything wrong, but I do not believe it, and have continued to follow my intuition as a computer user for many years, and knowing this old machine of mine in particular. So I have been doing more research and investigation, using Task Mgr and Process Explorer a lot. Just now I wondered why explorer.exe was shown running as a background service in Process Explorer, but not showing as running in the Task Manager.

 

One thing led to another, and I decided to go through my PC's registry line by line to see if anything looked odd. This is the first time in my life I have ever done this hehe! So forgive me if I don't even know how to talk about the registry. But I recognize when something seems potentially odd.

 

So I've been going line by line, opening each folder. When I found the following, I was spurred to become a member here at the forum:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bfc\ShellNew\Config

 

Then inside of the Config folder are 2 items, along with a description and some data for each item:

 

The first item is (Default), Reg_SZ, and for Data, it says (value not set). The second is Command, REG_EXPAND_SZ, and the Data assigned to this item is a string of characters, shown below (the dashes at the start and end of the string are mine added):

 

------%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\syncui.dll,Briefcase_Create %2!d! %1------

 

Anyway, I thought this looked oddly different from what I had seen up to that point, so I did another flash scan with Malwarebytes, which turned up nothing. I did some searching around the Web, and decided to join this forum to query users who are surely more computer sophisticated than I. What do you all think?

 

Now I have to continue on through the registry, but need to get ready and go to work soon, too! Any thoughts on what I found? Is it something odd, or not? If so, why didn't my new software find this?

 

Thanks for any help and input you may offer!!
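As an added example (not part of this thread or of Malwarebytes' tooling), a PowerShell script that lists every ShellNew Command value under HKEY_CLASSES_ROOT and notes whether the program each one launches lives under %SystemRoot%; the Briefcase entry quoted above resolves to rundll32.exe in the Windows directory, which is the normal layout for that key. It assumes PowerShell 2.0 or later and read access to HKCR; the verdict labels are my own.

```powershell
# Added example: audit ShellNew\Command values under HKCR.
# Verdicts are constructed labels, not anything from the forum or from Malwarebytes.

$systemRoot = [Environment]::ExpandEnvironmentVariables('%SystemRoot%')

# Pull the executable out of a command string, expanding %SystemRoot% and the like
# and dropping any arguments (e.g. the syncui.dll,Briefcase_Create %2!d! %1 tail).
function Get-CommandExecutable([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted path
    return ($expanded -split '\s+')[0]                              # first token
}

# Classify a command: expected when its program sits under %SystemRoot% and exists,
# flagged for review when it points elsewhere or at a file that is no longer there.
function Test-ShellNewCommand([string]$Command) {
    $exe = Get-CommandExecutable $Command
    $insideWindows = $exe.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)
    $exists = Test-Path -LiteralPath $exe
    if (-not $exists)        { return 'REVIEW: file not found' }
    if ($insideWindows)      { return 'expected (under %SystemRoot%)' }
    return 'REVIEW: outside %SystemRoot%'
}

# Walk HKCR\<key>\ShellNew and HKCR\<key>\ShellNew\Config, the layout quoted above.
Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
  ForEach-Object {
    foreach ($sub in 'ShellNew', 'ShellNew\Config') {
        $path = "$($_.PSPath)\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $cmd = (Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue).Command
        if ($cmd) {
            New-Object PSObject -Property @{
                Key     = "$($_.Name)\$sub"
                Command = $cmd
                Verdict = Test-ShellNewCommand $cmd
            }
        }
    }
  } | Format-Table Key, Verdict, Command -AutoSize -Wrap
```

A command that passes this check can still be misused if the DLL or program it names has been replaced, so a "expected" verdict is a reason to move on, not proof of a clean system; file hashes and the scan logs the helpers ask for below cover that part.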


#2 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • 11,904 posts
  • Gender:Not Telling

Posted 20 July 2013 - 08:46 AM

Hello and welcome, MethodMadness: :)
 
Short answer: no one single security program -- not even Malwarebytes Anti-Malware -- can possibly by itself provide 100% protection against all the many, ever-changing malware variants out in the wild.  That's why it's important to have a layered approach to computer security and to practice safe computing practices.  Moreover, today's malware is quite sophisticated and can hide very deep in the system, making detection and removal challenging.
 
Having said that, the experts will need a bit of info about your system in order to best assist you with sorting this out. :)
Please follow the instructions below and post back here with both logs attached to your next reply.
In the interim, I would respectfully suggest that you wait for expert help with editing the registry, as doing so can damage the OS.
 
OTOH, if you think you are infected, then the fastest way to get help is to follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.
A qualified helper will guide you through the cleanup process, either in the malware removal section of the forum, or at the help desk.
 
Thanks!
 
daledoc1
-------------------------------

DDS Instructions

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please attach both of the following logs to your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#3 MadnessMethod

MadnessMethod

    New Member

  • Members
  • 2 posts

Posted 20 July 2013 - 08:58 AM

Thanks for the extremely quick response, I appreciate it. I am old enough to remember when the Registry did not even have a GUI interface, and was inspected using a DOS command. Thanks for the advice to not modify my Registry without expert advice--I certainly have no intentions of doing so!
Be back soon with the info!



#4 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • 11,904 posts
  • Gender:Not Telling

Posted 20 July 2013 - 09:28 AM

Hi:

 

OK, thanks for the update. :)

 

Quick note: We don't work on malware diagnostics/removal in this sub-section of the forum. So, if you think you might be infected, please follow the advice in my previous reply, so that you can get expert help most efficiently in the correct section of the forum (or at the help desk). :)

 

Kind regards,

 

daledoc1


#5 David H. Lipman

David H. Lipman

    Forum Deity

  • Experts
  • 4,247 posts
  • Gender:Male
  • Location:Jersey Shore USA
  • Interests:Malware Research, dSLR Photography, Numismatics & Surf Fishing

Posted 20 July 2013 - 12:32 PM

Thanks for the extremely quick response, I appreciate it. I am old enough to remember when the Registry did not even have a GUI interface, and was inspected using a DOS command. Thanks for the advice to not modify my Registry without expert advice--I certainly have no intentions of doing so!

 

Be back soon with the info!

 

Win3.1x and below used INI files, not a Registry, to store information about applications and application parameters and states.

 

Win95 and above used the Registry and it did provide Regedit (a GUI based utility) to peek and poke the Registry.


David H. Lipman
DLipman@Verizon.Net