RubbeR DuckY

Version 0.63

9 posts in this topic

Just a small update with minor improvements. Released it because of that memory leak. Also some settings were not working correctly. Comments and suggestions open in this thread as always.


Hi Marcin, Bruce, hi everyone,

Just a small update with minor improvements. Released it because of that memory leak. Also some settings were not working correctly. Comments and suggestions open in this thread as always.
LOL

I don't know why you say they're just minor improvements, as the results are impressive!

My last tests were v0.62 / DBv109 / 5236 fingerprints. Quick scan gave a "rootkit"!

Thanks for the explanations regarding this "0-byte rootkit" which was a file added by MBAM and not deleted, for some reason!

By the way Bruce, I know how to run a Developer scan and I'll do this in case of another FP!

~~

Today,

- upgraded to v0.63 -> surprisingly, my v109/5236 database went back to v105/5218

Latest News still blocked at v0.61

- update -> MBAMv0.63 DBv110/5272 fingerprints

- Quick Scan -> 4 minutes 56 seconds for 10,092 objects -> fine!

- Full Scan -> 47 minutes 7 seconds for 70,584 objects -> 13 infected files! I.e. big improvements for my personal case!

My previous infectious files were caught by MBAM, except that in the meantime I had added another one! :D

Here's my log:

Malwarebytes' Anti-Malware Version 0.63

This logfile was saved before the removal process.

Database version: 110

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 13

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\G


Marcin,

Malwarebytes


False positive detection of atl71.dll (ATL Module for Windows (Unicode))?

Malwarebytes' Anti-Malware Version 0.63

This logfile was saved before the removal process.

Database version: 112

Files Infected:

C:\WINDOWS\system32\atl71.dll (Adware.Accoona)

virusscanjotti is 100% clean:

atl71.dll

MD5: 8f2097e8b174f38178570c611464935f


mbam 0.63 database:112 fingerprints:5314 did a quick scan and mbam 0.63 found this

Malwarebytes' Anti-Malware Version 0.63

This logfile was saved before the removal process.

Database version: 112

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\atl71.dll (Adware.Accoona) -> No action taken.

and also during the scan comodo firewall 2.4 went off and says this :D

Date/Time :2007-08-02 17:49:53
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (sched.exe)
Application: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: TCP Out
Destination: 127.0.0.1::18350
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\AntiVir PersonalEdition Classic\sched.exe in memory.

:D

Date/Time :2007-08-02 17:49:07
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (MSNAccel.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Parent: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Protocol: TCP Out
Destination: 65.54.154.20::32769
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe in memory.

:D

Date/Time :2007-08-02 17:49:05
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (MSNAccel.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Parent: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Protocol: UDP Out
Destination: 65.54.154.20::33607
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe in memory.

Date/Time :2007-08-02 17:48:45

:( then i opened iexplorer to come here and comodo goes off again and says :)

Date/Time :2007-08-02 17:55:09
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (MSNAccel.exe)
Application: C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
Parent: C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Protocol: TCP Out
Destination: 127.0.0.1::2983
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe in memory.

:)

Date/Time :2007-08-02 17:55:01
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (iexplore.exe)
Application: C:\Program Files\Internet Explorer\iexplore.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: TCP Out
Destination: 127.0.0.1::9022
Details: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe modified the memory of the Parent application C:\WINDOWS\explorer.exe in memory.

Date/Time :2007-08-02 17:53:45

after i used ccleaner comodo stopped the popups :)


virusscanjotti is 100% clean:

atl71.dll

MD5: 8f2097e8b174f38178570c611464935f

Will be removed in next update.


No clue why Comodo is complaining. All I do is query information, not modify..
