29th November 2008, 12:16 PM
|  | TST Oracle | | Join Date: Jul 2008, 8,171 posts. Location: UK Norfolk ..... Reputation:  | | |
Malwarebytes saves the day
My son was on my account and clicked something.
Up popped Malwarebytes.
That is everywhere I look, nasty rogue program.
__________________ Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, chocolate in one hand, wine in the other, body thoroughly used up, totally worn out and screaming...
Damn, What a ride!! | 
29th November 2008, 12:18 PM
|  | TST Master | | Join Date: Dec 2007, 2,107 posts. Location: England Reputation:  | |
Mbam is the best!
__________________ "If at first you do not succeed, sit down, have a coffee, have a smoke, and think for a bit. If that still doesn't work, post it on TST". | 
29th November 2008, 01:55 PM
|  | TST Member | | Join Date: Aug 2008, 105 posts. Location: Island of Misfit Toys Reputation:  | | |
Hello BM
Did you run a Qscan and did it find anything? This one has the ability to stop security programs' installs and updates.
__________________
"You cant drink the oil when the water is gone"
Peruvian Shaman
| 
29th November 2008, 01:58 PM
|  | TST Oracle | | Join Date: Jul 2008, 8,171 posts. Location: UK Norfolk ..... Reputation:  | | |
I had to go shopping and turned the PC off.
When I rebooted, up popped the alert again.
A quick scan revealed the following:
Malwarebytes' Anti-Malware 1.30
Database version: 1424
Windows 5.1.2600 Service Pack 3
29/11/2008 14:54:47
mbam-log-2008-11-29 (14-54-47).txt
Scan type: Quick Scan
Objects scanned: 57026
Time elapsed: 10 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\19638636633090601697733780294234 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> Quarantined and deleted successfully.
How many times have I told them not to click lol |
29th November 2008, 02:26 PM
|  | TST Member | | Join Date: Aug 2008, 105 posts. Location: Island of Misfit Toys Reputation:  | |
Your MBAM needs to be updated/rerun Qscan, after you put all your goodies away.
| 
29th November 2008, 02:33 PM
|  | TST Oracle | | Join Date: Jul 2008, 8,171 posts. Location: UK Norfolk ..... Reputation:  | |
I need to have a word in the MB forum.
It's not autoupdating, Sho-dan.
Last edited by Blackmirror; 29th November 2008 at 02:36 PM.
| 
29th November 2008, 02:36 PM
|  | TST Member | | Join Date: Aug 2008, 105 posts. Location: Island of Misfit Toys Reputation:  | |
That error has been noted, the MBAM crew is working on it.
Last edited by sho-dan; 29th November 2008 at 02:38 PM.
Reason: Gotto run, chores are acalling.
| 
29th November 2008, 02:44 PM
|  | TST Oracle | | Join Date: Jul 2008, 8,171 posts. Location: UK Norfolk ..... Reputation:  | | |
Well, I have every faith in them.
MB scan clean. |
29th November 2008, 07:12 PM
|  | TST Expert | | Join Date: Sep 2008, 574 posts. Location: UK Reputation:  | |
I took my lead from Donna and look what I found!  How come Avast didn't pick up any of these as its database updates daily?
Malwarebytes' Anti-Malware 1.30
Database version: 1434
Windows 5.1.2600 Service Pack 2
29/11/2008 19:53:50
mbam-log-2008-11-29 (19-53-50).txt
Scan type: Full Scan (C:\|)
Objects scanned: 104514
Time elapsed: 1 hour(s), 12 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Lic.xxx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\R.COM (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\zts2.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\T.COM (Trojan.Agent) -> Quarantined and deleted successfully.
__________________ I once had a life, now I have the internet | 
29th November 2008, 07:56 PM
|  | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation:   | | | | 
29th November 2008, 08:32 PM
|  | TST Expert | | Join Date: Sep 2008, 574 posts. Location: UK Reputation:  | |
Thanks for info but please explain: normally Avast will say if there's a trojan, now these are Trojan agents. Aren't they the same, and can they affect the performance of my PC or are they just there? |
29th November 2008, 08:46 PM
|  | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation:   | |
Now you're getting into variations. I'm not the one to try and explain those.
MBAM works differently than a traditional antivirus. Lic.xxx was flagged because of the xxx, I would imagine. It isn't necessarily malicious as shown here, but most files with xxx in them will be malicious. You can usually trust what it finds, but if you question any file found always google it before removal. If it's a false positive, report it to the false positives forum so they can have a closer look at the file.
| 
29th November 2008, 08:58 PM
|  | TST Expert | | Join Date: Sep 2008, 574 posts. Location: UK Reputation:  | |
I just don't know where I got those files from, I don't recognise any of 'em, perhaps I should just leave well alone
29th November 2008, 09:03 PM
|  | Security Team | | Join Date: Dec 2007, 2,555 posts. Location: Tulsa, OK Reputation:   | |
It definitely won't hurt removing them. Likely they were part of a browser exploit.
zts2.exe is malicious and part of a password stealing trojan. Frethog C - CA
If you would like to be sure that the computer is malware free then post a HijackThis log in the malware forum and we will have a look.
| 
29th November 2008, 09:08 PM
|  | TST Oracle | | Join Date: Jul 2008, 8,171 posts. Location: UK Norfolk ..... Reputation:  | | |
You will be in safe hands Dotty
29th November 2008, 10:07 PM
|  | TST Expert | | Join Date: Sep 2008, 574 posts. Location: UK Reputation:  | |
Quote:
Originally Posted by evilfantasy
It definitely won't hurt removing them. Likely they were part of a browser exploit.
zts2.exe is malicious and part of a password stealing trojan. Frethog C - CA
If you would like to be sure that the computer is malware free then post a HijackThis log in the malware forum and we will have a look.
Done!
Quote:
Originally Posted by Blackmirror
You will be in safe hands Dotty
Thanks