Malwarebytes acting like a virus.
Last response: in Windows 7
The past few weeks my computer has been acting wierd, going slow, crashing, etc.
I decided to install Malwarebytes to scan the computer, and found 6 Objects Infected.
The weird thing is though, that the 6 objects where normal.
Here is my log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7615
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
8/30/2011 5:44:26 PM
mbam-log-2011-08-30 (17-44-23).txt
Scan type: Quick scan
Objects scanned: 199048
Time elapsed: 2 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\David\AppData\Roaming\winlogon.exe (Trojan.Downloader) -> No action taken.
c:\Users\David\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
----------------
One of them, the process winlogon.exe, I removed in the Windows Task Manager processes tab, and it crashed my client (which it should if you delete it), so that means it is not a virus.
Then that must mean that Malwarebytes is giving me false information. I tried deleting the Malwarebytes file in 'Program Files (x86)' and these files wouldn't delete:
mbam.dll
mbam.exe
mbamcore.dll
mbamnet.dll
ssubtmr6.dll
vbalsgrid6.ocx
-------------
My computer OS is Windows 7 64-Bit.
Hope I can get this solved!
I decided to install Malwarebytes to scan the computer, and found 6 Objects Infected.
The weird thing is though, that the 6 objects where normal.
Here is my log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7615
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
8/30/2011 5:44:26 PM
mbam-log-2011-08-30 (17-44-23).txt
Scan type: Quick scan
Objects scanned: 199048
Time elapsed: 2 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.HMCPol.Gen) -> Value: Policies -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKLM (Backdoor.HMCPol.Gen) -> Value: HKLM -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\David\AppData\Roaming\winlogon.exe (Trojan.Downloader) -> No action taken.
c:\Users\David\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
----------------
One of them, the process winlogon.exe, I removed in the Windows Task Manager processes tab, and it crashed my client (which it should if you delete it), so that means it is not a virus.
Then that must mean that Malwarebytes is giving me false information. I tried deleting the Malwarebytes file in 'Program Files (x86)' and these files wouldn't delete:
mbam.dll
mbam.exe
mbamcore.dll
mbamnet.dll
ssubtmr6.dll
vbalsgrid6.ocx
-------------
My computer OS is Windows 7 64-Bit.
Hope I can get this solved!
More about : malwarebytes acting virus
Its quite possible that the malware or what ever you want to call it is stoping Mbam from picking it up... Download Rkill.. and run it up in safe mode and the hit ur pc with a full system Mbam scan, and after the mess is almost cleaned slap it with a Combofix too..
Double check that your Mbam is completely up to date too..
Mbam = Malwarebytes
Double check that your Mbam is completely up to date too..
Mbam = Malwarebytes
never kill files like that if you dont know what they are
many viruses are like barnicles they attach themselves to system files to make themself's hard to remove without a bootcd or a good antivirus
go on repair file if that option is availble
why not try a program that stops viruses infecting like a hips (host based intrustion prevension system)
one i recomend is comodo, there is a steep learning curve at first but after a while it dosnt even alert you at all and makes your computer much safer (its like everything it may be much more secure but that dosnt mean its impossible to get viruses)
many viruses are like barnicles they attach themselves to system files to make themself's hard to remove without a bootcd or a good antivirus
go on repair file if that option is availble
why not try a program that stops viruses infecting like a hips (host based intrustion prevension system)
one i recomend is comodo, there is a steep learning curve at first but after a while it dosnt even alert you at all and makes your computer much safer (its like everything it may be much more secure but that dosnt mean its impossible to get viruses)
Related ressources
- My system acting funny after deleting trojan virus - Forum
- Hijacker virus affecting computer *Tired malwarebytes * HELP! - Forum
- Windows is Acting Strange - Forum
- Avast free + malwarebytes free + windows security essentials - Forum
- Will Malwarebytes contradict with Kaspersky? - Forum
So your not using any kind of anti-virus program?
Your best bet is to burn/backup any important data to a cd or backup hdd before it's too late, then format the infected drive and re-install windows fresh.
Then use Microsoft Security Essentials (free) for your anti-virus. You can also install MWB too.
Your best bet is to burn/backup any important data to a cd or backup hdd before it's too late, then format the infected drive and re-install windows fresh.
Then use Microsoft Security Essentials (free) for your anti-virus. You can also install MWB too.
Didn't realize at first that it was in roaming.Related ressources:
- ForumI think I made some sort of mistake using Malwarebytes
- ForumNeed Major Help With Virus + Blue Screen
- ForumBlack Screen After Running Malwarebytes
- ForumDoes malwarebytes prevent hackers ??
- ForumAvira Premium Security Suite + Malwarebytes
- ForumFirewall, antivirus, malwarebytes ,internet security?? will they crash?
- ForumI did a system recovery, but my computer is acting like all my pictures are stil
- ForumPossible Virus ???
- ForumDNS changer virus rampant
- ForumWhy did Bill Gates invent Windows?
- Forum[Solved] Windows 7 taskbar like windows xp help
- ForumRemoved virus cant open programs
- Forum[Solved] BSOD when I virus scan?
- ForumCrashes that look like shock waves
- ForumI would like to run the stopped services in system configuration
- More resources
Read discussions in other Windows 7 categories
!
