Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Weird MBAM Results [RESOLVED]


  • This topic is locked This topic is locked

#1
Troy

Troy

    Tech Staff

  • Technician
  • 8,841 posts
Hi there,

As discussion of malware is disallowed elsewhere, I'll post here. I was just running my weekly malware scan and got the following results. I do not believe my computer to be infected, and these have never showed up before, but I thought I'd run it by the "professionals". :)

Malwarebytes' Anti-Malware 1.20
Database version: 943
Windows 6.0.6001 Service Pack 1

12:24:15 AM 13/07/2008
mbam-log-7-13-2008 (00-24-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145687
Time elapsed: 28 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\bfsvc.exe (Trojan.Agent) -> No action taken.
C:\explorer.exe (Trojan.Agent) -> No action taken.
C:\fveupdate.exe (Trojan.Agent) -> No action taken.
C:\HelpPane.exe (Trojan.Agent) -> No action taken.
C:\hh.exe (Trojan.Agent) -> No action taken.
C:\HideWin.exe (Trojan.Agent) -> No action taken.
C:\IsUninst.exe (Trojan.Agent) -> No action taken.
C:\KHALMNPR.Exe (Trojan.Agent) -> No action taken.
C:\notepad.exe (Trojan.Agent) -> No action taken.
C:\regedit.exe (Trojan.Agent) -> No action taken.
C:\RtHDVCpl.exe (Trojan.Agent) -> No action taken.
C:\RtlUpd.exe (Trojan.Agent) -> No action taken.
C:\SkyTel.exe (Trojan.Agent) -> No action taken.
C:\twunk_16.exe (Trojan.Agent) -> No action taken.
C:\twunk_32.exe (Trojan.Agent) -> No action taken.
C:\unins000.exe (Trojan.Agent) -> No action taken.
C:\winhelp.exe (Trojan.Agent) -> No action taken.
C:\winhlp32.exe (Trojan.Agent) -> No action taken.
C:\wubi-uninstall.exe (Trojan.Agent) -> No action taken.
What do you make of this? It's got me a little confused, as I know what most of these are from a glance.

Cheers

Troy
  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Hi, troy :)

The locations of those files are absolutely wrong. Most of these files, if legit, should be running from the Windows or System32 folders.

Please remove your current copy of Malwarebytes' Anti-Malware. Then...

Posted Image Please download the latest version of Malwarebytes' Anti-Malware from Here or Here

Once downloaded, Double Click mbam-setup.exe to install the application.

Download and unzip DebugView from Here to your desktop. A new folder will be created on your desktop, Debugview. Open this folder and doubleclick on Debugview.exe. Click the Capture menu item and make sure everything is checked except Log Boot.Then follow these instructions:
  • Leave DebugView running and open the latest version of Malwarebytes' Anti-Malware.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (Do not allow the computer to restart yet).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Return to DebugView and save the output to file using File -> Save
  • Once these reports are saved restart the computer
  • Post the results of the MBAM scan and the DebugView output here please.

  • 0

#3
Troy

Troy

    Tech Staff

  • Topic Starter
  • Technician
  • 8,841 posts
Hi JSntgRvr, thanks for your quick response. After following your instructions, the scan came up clean (see below), and the DebugView log was empty, so I haven't bothered to attach it. So do you think it was some kind of false-positive?

Cheers

Troy

Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 6.0.6001 Service Pack 1

9:54:19 PM 13/07/2008
mbam-log-7-13-2008 (21-54-19).txt

Scan type: Quick Scan
Objects scanned: 35640
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts

So do you think it was some kind of false-positive?

There is insufficient information. How bout a physical check? Are these present in he C:\ folder?
  • 0

#5
Troy

Troy

    Tech Staff

  • Topic Starter
  • Technician
  • 8,841 posts
Hi again,

I can't believe I didn't mention it yet - that they aren't in the C: Folder!

So I double-checked just now, they still aren't there. So, the answer to your question is no.

Cheers

Troy
  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,958 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP