Weird MBAM Results [RESOLVED]


  • This topic is locked

#1
Troy

    Tech Staff

  • Technician
  • 8,841 posts
Hi there,

As discussion of malware is disallowed elsewhere, I'll post here. I was just running my weekly malware scan and got the following results. I do not believe my computer to be infected, and these have never shown up before, but I thought I'd run it by the "professionals". :)

Malwarebytes' Anti-Malware 1.20
Database version: 943
Windows 6.0.6001 Service Pack 1

12:24:15 AM 13/07/2008
mbam-log-7-13-2008 (00-24-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145687
Time elapsed: 28 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\bfsvc.exe (Trojan.Agent) -> No action taken.
C:\explorer.exe (Trojan.Agent) -> No action taken.
C:\fveupdate.exe (Trojan.Agent) -> No action taken.
C:\HelpPane.exe (Trojan.Agent) -> No action taken.
C:\hh.exe (Trojan.Agent) -> No action taken.
C:\HideWin.exe (Trojan.Agent) -> No action taken.
C:\IsUninst.exe (Trojan.Agent) -> No action taken.
C:\KHALMNPR.Exe (Trojan.Agent) -> No action taken.
C:\notepad.exe (Trojan.Agent) -> No action taken.
C:\regedit.exe (Trojan.Agent) -> No action taken.
C:\RtHDVCpl.exe (Trojan.Agent) -> No action taken.
C:\RtlUpd.exe (Trojan.Agent) -> No action taken.
C:\SkyTel.exe (Trojan.Agent) -> No action taken.
C:\twunk_16.exe (Trojan.Agent) -> No action taken.
C:\twunk_32.exe (Trojan.Agent) -> No action taken.
C:\unins000.exe (Trojan.Agent) -> No action taken.
C:\winhelp.exe (Trojan.Agent) -> No action taken.
C:\winhlp32.exe (Trojan.Agent) -> No action taken.
C:\wubi-uninstall.exe (Trojan.Agent) -> No action taken.
What do you make of this? It's got me a little confused, as I know what most of these are from a glance.

Cheers

Troy
  • 0

#2
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, troy :)

The locations of those files are absolutely wrong. Most of these files, if legit, should be running from the Windows or System32 folders.

Please remove your current copy of Malwarebytes' Anti-Malware. Then...

Please download the latest version of Malwarebytes' Anti-Malware from Here or Here

Once downloaded, double-click mbam-setup.exe to install the application.

Download and unzip DebugView from Here to your desktop. A new folder will be created on your desktop, Debugview. Open this folder and double-click on Debugview.exe. Click the Capture menu item and make sure everything is checked except Log Boot. Then follow these instructions:
  • Leave DebugView running and open the latest version of Malwarebytes' Anti-Malware.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (Do not allow the computer to restart yet).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Return to DebugView and save the output to file using File -> Save
  • Once these reports are saved restart the computer
  • Post the results of the MBAM scan and the DebugView output here please.

  • 0

#3
Troy

    Tech Staff

  • Topic Starter
  • Technician
  • 8,841 posts
Hi JSntgRvr, thanks for your quick response. After following your instructions, the scan came up clean (see below), and the DebugView log was empty, so I haven't bothered to attach it. So do you think it was some kind of false-positive?

Cheers

Troy

Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 6.0.6001 Service Pack 1

9:54:19 PM 13/07/2008
mbam-log-7-13-2008 (21-54-19).txt

Scan type: Quick Scan
Objects scanned: 35640
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  • 0

#4
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

So do you think it was some kind of false-positive?

There is insufficient information. How about a physical check? Are these present in the C:\ folder?
  • 0
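
The two checks raised in posts #2 and #4 (is a flagged file sitting where a Windows file of that name belongs, and is it physically present at the reported path), written out as an added example that is not part of the original thread. The log lines are a constructed sample in the MBAM format quoted in post #1; `WINDOWS_DIR_NAMES` and all function names are assumptions made for illustration, and on the scanned machine `exists` would be `os.path.exists`.

```python
import ntpath
import re

# Constructed sample: a few lines in the format of the MBAM log quoted in post #1.
SAMPLE_LOG = r"""Files Infected:
C:\explorer.exe (Trojan.Agent) -> No action taken.
C:\notepad.exe (Trojan.Agent) -> No action taken.
C:\SkyTel.exe (Trojan.Agent) -> No action taken.
"""

# Assumption: small illustrative subset of names that ship in the Windows folder.
WINDOWS_DIR_NAMES = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}

LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<label>[^)]+)\) -> (?P<action>.+)$")


def parse_detections(log_text):
    """Return one dict per 'path (label) -> action' line in the log."""
    return [m.groupdict() for m in map(LINE.match, log_text.splitlines()) if m]


def triage(detections, exists):
    """Annotate each detection; `exists` is a callable such as os.path.exists."""
    report = []
    for d in detections:
        folder, name = ntpath.split(d["path"])
        _drive, tail = ntpath.splitdrive(folder)
        report.append({
            **d,
            "in_drive_root": tail == "\\",          # e.g. C:\explorer.exe
            "system_name": name.lower() in WINDOWS_DIR_NAMES,
            "on_disk": bool(exists(d["path"])),     # the "physical check"
        })
    return report


def summarize(report):
    """Map each reported path to the follow-up the two checks point to."""
    out = {}
    for r in report:
        if not r["on_disk"]:
            out[r["path"]] = "not on disk: detection unconfirmed, update and re-scan"
        elif r["system_name"] and r["in_drive_root"]:
            out[r["path"]] = "system file name in drive root: wrong location, investigate"
        else:
            out[r["path"]] = "present: review the file itself"
    return out
```
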

#5
Troy

    Tech Staff

  • Topic Starter
  • Technician
  • 8,841 posts
Hi again,

I can't believe I didn't mention it yet - that they aren't in the C: Folder!

So I double-checked just now, they still aren't there. So, the answer to your question is no.

Cheers

Troy
  • 0

#6
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





