Sign in to follow this  
Followers 0
deejay2

should i remove these probably FP please?

6 posts in this topic

hi

i just scanned my system.

can someone tell me if i should remove these or not please?

especially logon.exe seems to me like stability issue of winxp...

Malwarebytes' Anti-Malware 1.41

Database version: 3183

Windows 5.1.2600 Service Pack 2

Files Infected:

C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev) -> No action taken.

C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll (Virus.Mariofev) -> No action taken.

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2gdr\user32.dll (Virus.Mariofev) -> No action taken.

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6d23b8f719dc5412ac7aeb7db3387c36\backup\sp2qfe\user32.dll (Virus.Mariofev) -> No action taken.

C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.

C:\WINDOWS\system32\dllcache\user32.dll (Virus.Mariofev) -> No action taken.

C:\WINDOWS\$NtUninstallKB890859$\user32.dll (Virus.Mariofev) -> No action taken.

C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.

thanks for help guys, only malwarebytes found these, other programs not.

Share this post


Link to post
Share on other sites

Update and scan again , there is a FP in there that has already been fixed .

Share this post


Link to post
Share on other sites
Update and scan again , there is a FP in there that has already been fixed .

thanks...will do and let you know.....please keep me informed...thanks

Share this post


Link to post
Share on other sites

I would not remove all these entries yet. There may be some false positives in there. Update Malwarebytes to the latest database. It should be database version 3188 or higher. Then run another scan and see what it finds.

EDIT: Oops, nosirrah beat me to it. Sorry about that. :)

Share this post


Link to post
Share on other sites
Update and scan again , there is a FP in there that has already been fixed .

so i have updated and there is this left for FP:

Malwarebytes' Anti-Malware 1.41

Database version: 3188

Windows 5.1.2600 Service Pack 2

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> No action taken.

Files Infected:

C:\WINDOWS\system32\logon.exe (Worm.Emold) -> No action taken.

C:\Documents and Settings\All Users\Desktop\AntiMalware.lnk (Rogue.AntiMalware) -> No action taken.

so should i still wait for fixing?

seems to be that worm.emold logon.exe is still there......

thanks guys

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.