Hello, all you friendly souls in this forum.
Must acknowledge i have been lurking and learning a lot from most of the extremely knowledgeable users here. Really appreciate the ever-willing spirit of sharing that pervades this space. More power to your collective elbows!
Some clarifications i seek to a recurring problem…
On doing a complete scan in MBAM, i have twice in the last few days been informed that i have two infected objects sitting in the registry both bearing the same ominous name – Hijack.WindowsUpdate.
The following is the saved log file:
Malwarebytes’ Anti-Malware 1.40
Database version: 2720
Windows 5.1.2600 Service Pack 3
9/2/2009 1:40:46 PM
mbam-log-2009-09-02 (13-40-46).txt
Scan type: Full Scan (C:|)
Objects scanned: 166868
Time elapsed: 1 hour(s), 0 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) → Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) → Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
…
my question is…
Though MBAM reports that the file has been quarantined and deleted successfully, why does it reappear?
Thanks in advance.