deejay2 Posted November 17, 2009 ID:159136 Share Posted November 17, 2009 hii just scanned my system.can someone tell me if i should remove these or not please?especially logon.exe seems to me like stability issue of winxp...Malwarebytes' Anti-Malware 1.41Database version: 3183Windows 5.1.2600 Service Pack 2Files Infected:C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev) -> No action taken.C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll (Virus.Mariofev) -> No action taken.C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2gdr\user32.dll (Virus.Mariofev) -> No action taken.C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2qfe\user32.dll (Virus.Mariofev) -> No action taken.C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.C:\WINDOWS\system32\dllcache\user32.dll (Virus.Mariofev) -> No action taken.C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Virus.Mariofev) -> No action taken.C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.thanks for help guys, only malwarebytes found these, other programs not. Link to post Share on other sites More sharing options...
nosirrah Posted November 17, 2009 ID:159137 Share Posted November 17, 2009 Update and scan again , there is a FP in there that has already been fixed . Link to post Share on other sites More sharing options...
deejay2 Posted November 17, 2009 Author ID:159138 Share Posted November 17, 2009 Update and scan again , there is a FP in there that has already been fixed .thanks...will do and let you know.....please keep me informed...thanks Link to post Share on other sites More sharing options...
marktreg Posted November 17, 2009 ID:159139 Share Posted November 17, 2009 I would not remove all these entries yet. There may be some false positives in there. Update Malwarebytes to the latest database. It should be database version 3188 or higher. Then run another scan and see what it finds.EDIT: Oops, nosirrah beat me to it. Sorry about that. Link to post Share on other sites More sharing options...
deejay2 Posted November 17, 2009 Author ID:159153 Share Posted November 17, 2009 Update and scan again , there is a FP in there that has already been fixed .so i have updated and there is this left for FP:Malwarebytes' Anti-Malware 1.41Database version: 3188Windows 5.1.2600 Service Pack 2Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.Files Infected:C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.so should i still wait for fixing?seems to be that worm.emold logon.exe is still there......thanks guys Link to post Share on other sites More sharing options...
nosirrah Posted November 17, 2009 ID:159178 Share Posted November 17, 2009 What is there needs to be removed . Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now