Anti virus
Posted: Wed Mar 31, 2010 7:46 pm
by thescruff
I have Avast, superAntiSpyware Pro, Mbam, Hitman Pro, and God knows what else running, and I still picked up 2 Trojans last night.
The annoying thing is, only Mbam picked them up when I ran a scan.
Posted: Wed Mar 31, 2010 8:12 pm
by kellys_eye
all of which points to surfing single-handed websites
Posted: Wed Mar 31, 2010 8:59 pm
by thescruff
Almost certain they must be from an email.
Posted: Wed Mar 31, 2010 9:21 pm
by dave.m
Did you get the names of them? If not,
Open MBAM -> Logs -> double click the last log.
You should be able to read what it found and removed, or:
Click Edit -> Select All -> Edit -> Copy, then paste it on here.
SAS Pro should have auto updated so may not have had the definitions.
Did you open any attachments from emails?
dave
Posted: Wed Mar 31, 2010 9:37 pm
by thescruff
All were up to date, and no, I don't open attachments, only from known mail.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
31/03/2010 01:29:10
mbam-log-2010-03-31 (01-29-10).txt
Scan type: Quick scan
Objects scanned: 99367
Time elapsed: 7 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Posted: Wed Mar 31, 2010 9:57 pm
by dave.m
Someone had a similar problem here.
It appears that if it is a genuine setup.exe file it is in the wrong place.
Had you downloaded anything yesterday and then installed it, maybe an update to a program? SAS had a version update in the last couple of days that involved a new setup.exe file.
dave
Posted: Wed Mar 31, 2010 10:05 pm
by dave.m
John,
The registry key alarm means that the Antivirus XP trojan or one of the newer versions may have got to your computer:
http://blog.misec.net/2009/08/14/image- ... istry-key/
Run another QUICK scan with MBAM and see if it turns up again.
dave
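For anyone comparing scans like the ones in this thread, here is an added example (not part of any post here, and not Malwarebytes' own code) that parses the MBAM 1.45 text log layout shown above, checks the summary counts against the itemised sections, and picks out detections under the Image File Execution Options key dave mentions. The function names are hypothetical and the sample is an abridged copy of the first log posted above.

```python
import re

# Abridged copy of the first MBAM 1.45 log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""Scan type: Quick scan
Registry Keys Infected: 1
Files Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# The same heading appears twice: once with a count (summary), once bare (detail section).
SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
IFEO_KEY = re.compile(r"\\Image File Execution Options\\([^\\]+)$", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (summary counts by category, list of itemised detections)."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            items.append({"category": section, **m.groupdict()})
        # Header lines and "(No malicious items detected)" match nothing and are skipped.
    return counts, items


def count_mismatches(counts, items):
    """Categories where the summary count differs from the number of listed items."""
    listed = {}
    for item in items:
        listed[item["category"]] = listed.get(item["category"], 0) + 1
    return {c: (n, listed.get(c, 0)) for c, n in counts.items() if n != listed.get(c, 0)}


def ifeo_images(items):
    """Executable names of detections that sit under Image File Execution Options."""
    hits = (IFEO_KEY.search(item["path"]) for item in items)
    return [m.group(1) for m in hits if m]


if __name__ == "__main__":
    counts, items = parse_mbam_log(SAMPLE_LOG)
    print(counts, count_mismatches(counts, items), ifeo_images(items))
```

A non-empty result from `count_mismatches` usually means the log was truncated when it was copied, so ask for the full text before drawing conclusions from it.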
Posted: Wed Mar 31, 2010 10:13 pm
by thescruff
I updated and ran it last night as I do every Monday.
I also ran it again last night doing a full scan, and it was clear.
I can run them again tonight.
Only downloads were the updates.
Posted: Wed Mar 31, 2010 10:15 pm
by dave.m
If you are showing clear then it should be fine.
A quick scan should only take about 3 minutes, so for peace of mind, run a quick scan.
dave
Posted: Wed Mar 31, 2010 10:21 pm
by thescruff
Nearer 7 mins actually.
Posted: Wed Mar 31, 2010 10:26 pm
by dave.m
Run Ccleaner tonight when you have finished, both the registry cleaner and the cleaner.
dave
Posted: Wed Mar 31, 2010 10:29 pm
by thescruff
Ran that last night as well, have to shut down Firefox though.
Mbam is running and nearly done, no virus reports yet.
Why didn't the others pick it up, prior to Mbam?
Think Mbam's on a go-slow.
Posted: Wed Mar 31, 2010 10:36 pm
by thescruff
Over 12mins
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3930
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
31/03/2010 23:34:52
mbam-log-2010-03-31 (23-34-52).txt
Scan type: Quick scan
Objects scanned: 99762
Time elapsed: 12 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Posted: Wed Mar 31, 2010 10:52 pm
by thescruff
in Ccleaner registry.
unused file extension... Mno_auto_file
unused file extension... wps_auto_file
missing type Lib reference ISearch- and a number
old start menu key uniblue
old start menu key registry booster
missing MUI reference
missing C:\windows\is-AJF65-exe
Posted: Wed Mar 31, 2010 10:55 pm
by thescruff
Could any of this be connected to SIW or Advanced System Care, which was linked to last week?