Anti virus

thescruff
Senior Member
Posts: 49685
Joined: Mon Mar 10, 2008 12:46 am
Location: Bath
Has thanked: 360 times
Been thanked: 3735 times

Post by thescruff »

I have Avast, SUPERAntiSpyware Pro, Mbam, Hitman Pro, and God knows what else running, and I still picked up 2 Trojans last night. ::b

The annoying thing is, only Mbam picked them up when I ran a scan.
kellys_eye
Senior Member
Posts: 12309
Joined: Mon Mar 15, 2010 11:49 pm
Location: Oban
Has thanked: 357 times
Been thanked: 1790 times

Post by kellys_eye »

All of which points to surfing single-handed websites :lol:

Post by thescruff »

Almost certain they must be from an email.
dave.m
Deceased 07-06-2012 R.I.P
Posts: 4989
Joined: Tue Jun 09, 2009 4:30 pm
Location: A Yorky in Lancashire
Has thanked: 13 times
Been thanked: 318 times

Post by dave.m »

Did you get the names of them? If not,

Open MBAM -> Logs -> double click the last log.
You should be able to read what it found and removed, or:
Click Edit -> Select All -> Edit -> Copy, then paste it on here.

SAS Pro should have auto updated so may not have had the definitions.
Did you open any attachments from emails?

dave
You can always tell a Yorkshireman,
But you cannot tell him much.

Post by thescruff »

All were up to date, and no, I don't open attachments, only from known mail.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

31/03/2010 01:29:10
mbam-log-2010-03-31 (01-29-10).txt

Scan type: Quick scan
Objects scanned: 99367
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Post by dave.m »

Someone had a similar problem here.

It appears that if it is a genuine setup.exe file it is in the wrong place.
Had you downloaded anything yesterday and then installed it, maybe an update to a program? SAS had a version update in the last couple of days that involved a new setup.exe file.

dave
You can always tell a Yorkshireman,
But you cannot tell him much.

Post by dave.m »

John,
The registry key alarm means that the Antivirus XP trojan or one of the newer versions may have got to your computer:
http://blog.misec.net/2009/08/14/image- ... istry-key/

Run another QUICK scan with MBAM and see if it turns up again.

dave
You can always tell a Yorkshireman,
But you cannot tell him much.
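
Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the MBAM 1.45 text log format posted earlier in the thread, which lists each detection and singles out Image File Execution Options keys like the one the post above refers to. The function names are this example's own, and the sample is an abbreviated copy of the first log in this thread.

```python
import re

# Abbreviated copy of the first log posted in this thread (empty sections trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Scan type: Quick scan
Registry Keys Infected: 1
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # start of a detail section
        elif section and (m := ITEM.match(line)):
            obj = m["object"]
            detections.append({
                "section": section, "object": obj, "threat": m["threat"],
                "action": m["action"].rstrip("."),
                # IFEO subkeys affect how Windows starts the named program,
                # so a hit there deserves a manual look after removal.
                "ifeo_image": obj.lower().split(IFEO)[1] if IFEO in obj.lower() else None,
            })
    return counts, detections

def triage(text):
    """Items to follow up: summary/detail mismatches and IFEO hits."""
    counts, detections = parse_mbam_log(text)
    notes = []
    for section, n in counts.items():
        listed = sum(d["section"] == section for d in detections)
        if listed != n:
            notes.append(f"{section}: summary says {n}, log lists {listed}")
    notes += [f"IFEO key for image '{d['ifeo_image']}' ({d['threat']})"
              for d in detections if d["ifeo_image"]]
    return notes
```

Run `triage()` on the text of each saved log; an empty list means the summary and detail sections agree and no Image File Execution Options key was reported.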

Post by thescruff »

I updated and ran it last night as I do every Monday.

I also ran it again last night doing a full scan, and it was clear.

I can run them again tonight.

Only downloads were the updates.

Post by dave.m »

If you are showing clear then it should be fine.

A quick scan should only take about 3 minutes, so for peace of mind, run a quick scan.

dave
You can always tell a Yorkshireman,
But you cannot tell him much.

Post by thescruff »

Nearer 7 mins actually. :roll:

Post by dave.m »

Run CCleaner tonight when you have finished, both the registry cleaner and the cleaner.

dave
You can always tell a Yorkshireman,
But you cannot tell him much.

Post by thescruff »

Ran that last night as well, have to shut down Firefox though. ::b

Mbams is running and nearly done, no virus reports yet.

Why didn't the others pick it up, prior to Mbam?

Think Mbam's on a go-slow :shock:

Post by thescruff »

Over 12 mins :scratch:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

31/03/2010 23:34:52
mbam-log-2010-03-31 (23-34-52).txt

Scan type: Quick scan
Objects scanned: 99762
Time elapsed: 12 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post by thescruff »

In CCleaner registry:

unused file extension... Mno_auto_file

unused file extension... wps_auto_file

missing type Lib reference ISearch- and a number

old start menu key uniblue

old start menu key registry booster

missing MUI reference

missing C:\windows\is-AJF65-exe

Post by thescruff »

Could any of this be connected to SIW or Advanced SystemCare, which was linked to last week?