
KoRnGtL15
Premium Member
join:2007-01-04
Grants Pass, OR

Stuck at a screen as we speak with Malwarebytes...... help

This is what it found. I just reinstalled XP today. Should I select to remove them or leave them alone?

Malwarebytes' Anti-Malware 1.34
Database version: 1849
Windows 5.1.2600 Service Pack 3

3/14/2009 6:57:40 PM
mbam-log-2009-03-14 (18-57-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 87004
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

I am not 100% sure about the mentioned registry data; they can be FPs, OTOH it can also be a trojan. Only a HJT log will tell.

In your case please follow these instructions: »Security Cleanup FAQ »How to post for assistance

and post a HJT log here: »Security Cleanup

KoRnGtL15
Premium Member
join:2007-01-04
Grants Pass, OR

I think they might be FP. This is newly installed XP. I can post over there as well. In the meantime, I removed them, and they are in quarantine for both programs. Then I did a scan with SUPERAntiSpyware and this came up.

SUPERAntiSpyware Scan Log
»www.superantispyware.com

Generated 03/14/2009 at 07:30 PM

Application Version : 4.25.1014

Core Rules Database Version : 3795
Trace Rules Database Version: 1751

Scan type : Complete Scan
Total Scan Time : 00:12:28

Memory items scanned : 351
Memory threats detected : 0
Registry items scanned : 4159
Registry threats detected : 1
File items scanned : 9969
File threats detected : 0

Unclassified.Unknown Origin
HKU\S-1-5-21-2486945965-1564346514-8833468-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

said by KoRnGtL15:

I think they might be FP. This is newly installed XP. I can post over there as well. In the meantime, I removed them, and they are in quarantine for both programs. Then I did a scan with SUPERAntiSpyware and this came up.

I tend to agree, but we can't ignore the fact that the MBAM alerts can be serious. To be sure they are FPs, I advise you to post a HJT log on this board or any other board that provides HJT Log Analysis Services.

guy54435
Premium Member
join:2003-02-19

to KoRnGtL15
If you have Security Center set to not notify if those things are not checked, then Malwarebytes as well as Spybot S&D and probably others will report this, because malware of sorts also does this so it can do the dirty work that it does.

KoRnGtL15
Premium Member
join:2007-01-04
Grants Pass, OR

I have Security Center disabled and yes, the notify is off. This is probably why it is being picked up? I did go on over to the cleanup area and made a post to be safe, along with a HJT log.

Smokey Bear
veritas odium parit
Premium Member
join:2008-03-15
Annie's Pub

Please don't ask for analysis of a HJT log in this forum. DSLR has a finely equipped Security Cleanup section with qualified staff, trained to treat logs.

fatdcuk
Premium Member
join:2005-02-20
England

to KoRnGtL15
said by KoRnGtL15:

I have Security Center disabled and yes, the notify is off. This is probably why it is being picked up? I did go on over to the cleanup area and made a post to be safe, along with a HJT log.

MBAM is detecting that it is switched off and reporting it as Hijack.

Because a lot of malware actually disables these options, that is why, like SpyBot, MBAM flags the values when they are disabled.

Of course the software does not know that it was the end user that consented to this change, so it gets flagged all the while.

If you want to keep them disabled then you will need to disable them again and add them to MBAM's ignore list, or it will keep flagging them and attempting to repair them to the default setting (enabled).

hth
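
The triage described in the post above, as an added example (not code from this thread or from Malwarebytes): it parses the "Registry Data Items Infected" lines in the log format shown in the first post and separates Security Center findings the user knowingly disabled from those that still need a look. The names parse_findings, triage and user_disabled are assumptions made for illustration.

```python
import re

# Constructed sample: the registry section of the MBAM 1.34 log quoted in the first post.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)
"""

# Layout: <key path>\<value name> (<detection>) -> Bad: (x) Good: (y) -> <action>.
LINE_RE = re.compile(
    r"^(?P<key>HKEY_[^\\]+\\.+)\\(?P<value>[^\\]+?) "
    r"\((?P<detection>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) "
    r"Good: \((?P<good>[^)]*)\) -> (?P<action>.+?)\.?$"
)


def parse_findings(log_text):
    """Return one dict per flagged registry data item in an MBAM text log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # headers and "(No malicious items detected)" lines do not match
            findings.append(m.groupdict())
    return findings


def triage(findings, user_disabled):
    """Split findings into (explained by the user's own settings, needs investigation)."""
    consented, investigate = [], []
    for f in findings:
        expected = (f["detection"] == "Hijack.SecurityCenter"
                    and f["value"] in user_disabled)
        (consented if expected else investigate).append(f)
    return consented, investigate


if __name__ == "__main__":
    # Assumption: this user deliberately turned off only the antivirus and firewall alerts.
    ok, check = triage(parse_findings(SAMPLE_LOG),
                       {"AntiVirusDisableNotify", "FirewallDisableNotify"})
    for f in check:
        print("investigate:", f["key"], f["value"], "=", f["bad"])
```

Anything left in the second list was changed by something other than the user and is the part worth following up with a full log review.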

norwegian
Premium Member
join:2005-02-15
Outback

said by fatdcuk:

MBAM is detecting that it is switched off and reporting it as Hijack.
I can confirm that here too. This was an alert a few weeks back.

KoRnGtL15
Premium Member
join:2007-01-04
Grants Pass, OR

to fatdcuk
So do you guys suggest restoring the files? What about that registry entry SAS picked up? Restore that as well from quarantine? My post got deleted in security clean up even though I removed my HJT log from this thread.

fatdcuk
Premium Member
join:2005-02-20
England

said by KoRnGtL15:

So do you guys suggest restoring the files? What about that registry entry SAS picked up? Restore that as well from quarantine? My post got deleted in security clean up even though I removed my HJT log from this thread.
No files have been removed, the registry value has been set to default (enabled).

Either add to ignore list for MBAM if you don't want it to detect and reset it.

As far as SAS goes, I'm not sure about their hit, maybe best ask at their forums to see if they can advise.

Michl
@arcor-ip.net

Anon

to KoRnGtL15
Hi people, my MBAM suddenly reported the same hijack type to me tonight, for the first time, with them disabled. After that I scanned with Antivir and nothing was found. Could it be a problem that the newest update from MBAM has? Because I scanned now with the warnings not disabled and nothing was mentioned.

jeno
@bellsouth.net

Anon

to KoRnGtL15
Here is what it is (your call):
ClassID: {83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
»www.systemlookup.com/CLS ··· dll.html

KoRnGtL15
Premium Member
join:2007-01-04
Grants Pass, OR

to Michl
I dunno. I have another XP machine and after scanning hers, I scanned mine. It did not pick anything up. Both are running XP Home and SP3. I also have Security Center disabled on this machine.

jeno,

It came preinstalled with Google Desktop and toolbar. That would explain it. Thanks!

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

to KoRnGtL15
said by KoRnGtL15:

I have Security Center disabled and yes, the notify is off. This is probably why it is being picked up? I did go on over to the cleanup area and made a post to be safe, along with a HJT log.

And since you did this on your own..is the reason those entries even show up in the Malwarebytes scan. Just like one sees in this thread at Spybot where the user is told..

You shouldn't erase those. These entries tell the Security Center not to warn you when your antivirus is turned off, and that's ok as long as your Norton protection notifies you instead. However, if that is not the case, or you are NOT using AV protection, you should check for malware because many viruses disable these notifications.

Anyway, in Spybot - Search & Destroy, if you select this entry and expand the tab on the right, you will get advice on this. If you are sure notifications have NOT been disabled by mistake or evil software, it's a good idea to tell Spybot not to show you these entries in the future. You can do that by right-clicking an entry, and selecting the appropriate option.

»www.velocityreviews.com/ ··· ort.html

So you can put them in the Ignore list for Malwarebytes if you don't want to see them come up when you do a scan..or if you never intend to use the Security Center you can let Malwarebytes clean them off.

They will be reproduced again when you do turn on the Center again.

SimonP
@ripeorange.com

Anon

to Name Game

According to my Google research, Malwarebytes is considered scam-ware, similar to XP AV 2009 and others. DO NOT give them any money. Check out Avast or PC Doctor.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

What Google research would that be?
»www.google.com/search?co ··· camware\

Just askin'

TheJoker
MVM
join:2001-04-26
Charlottesville, VA

to SimonP
Malwarebytes' Anti-Malware is an excellent scanner. You are sadly mistaken and grossly disparaging an outstanding resource that anti-malware fighters worldwide rely on daily. A suggestion to instead check out Avast isn't even appropriate, as MBAM is an anti-malware utility, and Avast is an antivirus program. You need to do better research before slandering a company (and comparing it to XP Av 2009 can be considered nothing but slander).

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

to SimonP
said by SimonP:

According to my Google research, Malwarebytes is considered scam-ware, similar to XP AV 2009 and others. DO NOT give them any money. Check out Avast or PC Doctor.
Ahh..you have been eating too many twinkies again..time to change the channel

Reception
CNET cited MBAM being one of the first programs able to disinfect the so-called Antivirus XP 2008 spyware.[5]
News organizations have also picked up on MBAM, having mostly positive things to say about program's detection abilities.[6][7][8]
Third party sites specializing in computer help, such as Bleeping Computer, have listed MBAM as the preferred method of removing malware such as MS Antivirus,[9] as well as Spyware Protect 2009.[10]

»en.wikipedia.org/wiki/Ma ··· -Malware