xx521xx

  1. I think this is some bloatware included with audio drivers. VirusTotal has one heuristic hit: link
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alcmtr (Trojan.Refroso.Gen) -> No action taken. [8F9E1CA5A6BDC2184E8AA20A36A1F8C0]
     ...
     Files Infected:
     C:\WINDOWS\ALCMTR.EXE (Trojan.Refroso.Gen) -> No action taken. [8F9E1CA5A6BDC2184E8AA20A36A1F8C0]
     ALCMTR.zip
  2. Thanks, confirming that it's fixed in database version 3849.
  3. Two possible false positives that appeared recently, with no hits at VirusTotal: mdimon.dll and mdippr.dll.
     Memory Modules Infected:
     C:\WINDOWS\system32\mdimon.dll (Trojan.PWS) -> No action taken. [9BD76B14C57F006F3E71870F83F3063E]
     C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll (Trojan.PWS) -> No action taken. [9BD76B14C57F006F3E71870F83F3063E]
     [...]
     Files Infected:
     C:\WINDOWS\system32\mdimon.dll (Trojan.PWS) -> No action taken. [9BD76B14C57F006F3E71870F83F3063E]
     C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll (Trojan.PWS) -> No action taken. [9BD76B14C57F006F3E71870F83F3063E]
  4. Well, I didn't post in the Malware HJT Log forum because this isn't malware as far as I know. But regardless, I think I got rid of it. I restored a registry backup from prior to installation, thus getting rid of the service entry, and manually deleted the CSHelper.exe file. Maybe not the most graceful solution, but it worked.
  5. Sorry, I didn't see your post before that. It isn't causing any problem in particular, it just makes me suspicious when a program appears out of nowhere like that. Plus, I've been trying recently to reduce the amount of programs I have installed but never use, not add more!
  6. My bad, it's actually ArtistScope, not ArtSoft. This is what Avira says about the service executable:
  7. I already asked, and supposedly this wasn't installed intentionally and there was nothing to suggest it was being installed. The only thing in add/remove programs related to it was something like "ArtSoft plugin", which I already removed, but it just removes the Firefox plugin and leaves the background service installed. I don't see any obvious uninstaller for the service on my hard drive, either...
  8. So today, after someone else had been using my computer for a while, this program called ArtSoft CopySafe appeared on it. Now, nobody seems to know how this program got on the computer. It consists of a service (set to start automatically) and a Firefox plugin, but the uninstaller only removes the plugin while leaving the service to continue running automatically forever. Another strange thing is that the program's icon is loaded from a temporary folder. On the other hand, the service executable comes back clean at VirusTotal and "known clean" from Avira. But why would a legitimate program magically install itself onto my computer without any means to fully remove it? Does anyone know what the deal is with this program, and is there a better way to remove the service than by setting it to disabled and deleting the executable? I tried to find removal instructions on Google, but the only thing I found was another tale of this program appearing on someone's computer with no obvious means of removal, and no answer as to how to remove it...
  9. I was wondering whether someone could clarify what the status is of Malwarebytes and CouponBar. I used to see MBAM detect several components of this program as Adware.Coupons, but months ago the detections disappeared with some database update. Now, a recent database update has brought back 4 of these detections... What's going on here? Is MBAM supposed to detect this program or not?
  10. Are these trojan.agent detections false positives? They all seem to show up when MSWINSCK.OCX is scanned, not during the registry scan. VirusTotal analysis for MSWINSCK.OCX
  11. I'm using the free version, too. It doesn't usually ask me to reboot when updating, but the latest update did (only one installation out of two, though). I'm just trying to figure out why one MBAM installation asked me to reboot and the other didn't. And if it's not the expected behavior, I want to make sure the developers know about it. I agree.
  12. I'm seeing this same sort of behavior with version 1.39. On my main machine, it asked me to reboot after installation, but on a virtual machine, it behaved just like the first post described. No reboot prompt, no "the program had been updated" message, nothing. Also, the database was not automatically updated in either case. Both program installations seem to work fine, though, as far as I can tell.
  13. I've had trouble finding information about these files, but as far as I know, they are used by a certain type of setup program. I've seen them when installing other legitimate programs as well. The file name tends to be is-[random string].exe, which makes it hard to find info about it. It also has an associated .lst file and a .msg file. I uploaded all of these to VirusTotal and got no detections from them. The file is-[random string].exe is added to the system startup programs list, then deleted after it has run once. The purpose of this file is apparently to register some other files, and these files are specified in the .lst file. According to the .lst file added during setup of the latest version of MBAM, it registers the following files in this case, all in the MBAM program folder:
      mbamext.dll
      ssubtmr6.dll
      vbalsgrid6.ocx
      If you want to look it up, a common string associated with these files is InnoRegSetupFile. BleepingComputer thinks they're safe: http://www.bleepingcomputer.com/startups/i....exe-16618.html It appears that MBAM has begun to use this type of setup file as of the latest version, 1.39.
  14. Version 1.39 hasn't been officially announced in the announcements forum, for one reason or another, but its release was mentioned here: http://www.malwarebytes.org/forums/index.p...ost&p=98022 The download page (linked in that post) also mentions it.
  15. Hi, today I went to update MBAM and it downloaded the new version. At first it went as usual, installing the new files. Spybot asked whether I wanted to allow the new startup entry from MBAM, which I declined since I use the free version, as I always do when updating. After that, past versions have just told me that they were successfully installed, but the new version asked me to restart my computer. Spybot also asked about an InnoSetupRegFile startup entry, which I allowed before rebooting since it was from MBAM. There's no apparent problem here, and the setup entry was deleted after the reboot, as expected. But then, I decided to update an MBAM installation on a virtual machine as well, and something is different about it. After I decline the MBAM startup entry addition, MBAM doesn't seem to do anything else. It doesn't ask me to reboot nor give me a message stating that the update finished successfully, MBAM doesn't reopen, and Spybot doesn't ask about an InnoSetupRegFile startup entry. There's no obvious MBAM-related process listed in task manager, either. So I deleted the changes to my virtual machine, tried again, same result. Then I deleted the changes once again, tried one more time, and this time allowed the MBAM startup entry. But MBAM still doesn't do anything else... The program does seem to work correctly afterward, though. Is this supposed to happen?