Malwarebytes log

hello forum!

I've been experiencing iexplorer lockups for the past couple of days, so I ran Malwarebytes, and it found 4 items… Can someone tell me what they are? I tried searching for the .dll files but nothing really came up.

thank you

Saty

Objects scanned: 237350
Time elapsed: 38 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft Works\cpitv11.dll (Rogue.Installer) → Quarantined and deleted successfully.
C:\Program Files\Microsoft Works\pibase11.dll (Rogue.Installer) → Quarantined and deleted successfully.
C:\SWSetup\MSWorks\PFiles\MSWorks\cpitv11.dll (Rogue.Installer) → Quarantined and deleted successfully.
C:\SWSetup\MSWorks\PFiles\MSWorks\pibase11.dll (Rogue.Installer) → Quarantined and deleted successfully

They look like they might be false positives to me.

See if you can extract them from quarantine and send them to VirusTotal.

Post a complete Malwarebytes log as you have edited the important header information out.

ok, sorry, here is the complete log with header info…

I didn't send anything to VirusTotal yet; I'll probably need some step-by-step instruction on how to go about doing that.

thanks again

Malwarebytes’ Anti-Malware 1.41
Database version: 2795
Windows 6.0.6002 Service Pack 2

9/14/2009 12:40:51 PM
mbam-log-2009-09-14 (12-40-51).txt

Scan type: Full Scan (C:|D:|)
Objects scanned: 237350
Time elapsed: 38 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft Works\cpitv11.dll (Rogue.Installer) → Quarantined and deleted successfully.
C:\Program Files\Microsoft Works\pibase11.dll (Rogue.Installer) → Quarantined and deleted successfully.
C:\SWSetup\MSWorks\PFiles\MSWorks\cpitv11.dll (Rogue.Installer) → Quarantined and deleted successfully.
C:\SWSetup\MSWorks\PFiles\MSWorks\pibase11.dll (Rogue.Installer) → Quarantined and deleted successfully

I’m with FWF here as this looks like it could be a false positive.

You can only Restore items from the Quarantine (tab in MBAM); that unfortunately places them in the original location (which isn't the best idea). Just do two of them (C:\Program Files\Microsoft Works\cpitv11.dll and the other in the same folder), then upload to VirusTotal, see below.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here (the URL in the address bar of the VT results page).

Before doing this I would suggest scanning them again with MBAM, just in case the possible FP has been corrected.

thank you david for your reply,

I'm a lil confused, I can't seem to see how to rescan the items in quarantine, so am I to restore those two files, then rerun Malwarebytes and see if it picks those two up again? The two being /microsoft works/ cpitdvll.dll and /microsoft works/ pibase.dll, correct?

You would have to restore them first, so restore the two files mentioned, run a Quick scan and see if they are still detected; if so, upload to VT.

You have made a typo, as cpitdvll.dll doesn't match any of the MBAM detections; they are cpitv11.dll (that is an 11 and not an ll) and pibase11.dll (also with the number 11 and not ll (LL)). Those are the two to restore, scan and upload.

The other two in quarantine are the same file but in a different location so it is pointless uploading everything.

Thank you DavidR, will do, and yes, a typo, my bad lol

I'll update Malwarebytes before doing a quick scan after restoring those two files.

OK, restored those two files, updated Malwarebytes and did a quick scan, all clean! I'll restore those two other files now, and run another quick scan, for my peace of mind if for anything lol

thank you for all your help David, Kenny and FWF

You’re welcome, saves you having to report them to MBAM as an FP ;D

Hi Saty:

When it comes to items in a Malwarebytes log, best to start by asking on the Malwarebytes Support Forums at www.malwarebytes.org/forums.

yes it does DavidR ;D

I've never done it, so I'm sure I'll need step-by-step instructions on how to do it lol. I was stuck with Norton for the last few years so this is all new to me.

SpiritSongs…

true enough, BUT,

I'm comfortable with this forum and the people in it… and I've found that there are people here quite knowledgeable in reading other logs besides avast, and are more than willing to lend a helping hand when they can. I'm pretty sure if they didn't want to help with non-avast issues they would say so.

So I'll keep asking my questions here, until I come upon an issue that stumps everyone, which, from what I've seen in reading the boards for the past two months religiously, rarely happens…

But until then, please don't waste your time trying to send me elsewhere.

thank you

Saty

Spiritsongs, many people complain that you send people elsewhere… Did you think on that? ???
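
Added example, not part of any post in this thread: a small parser for the MBAM 1.41 text log layout quoted above. It checks whether the header a helper needs (program and database version) is present, and groups detections by file name and label so only one copy per file has to be restored and uploaded. The sample log is constructed from the thread's lines, the function names are hypothetical, and a matching name and label is only an assumption of identical content.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample following the MBAM 1.41 log layout quoted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2795

Files Infected:
C:\Program Files\Microsoft Works\cpitv11.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Works\pibase11.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\SWSetup\MSWorks\PFiles\MSWorks\cpitv11.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\SWSetup\MSWorks\PFiles\MSWorks\pibase11.dll (Rogue.Installer) -> Quarantined and deleted successfully
"""

# One detection line: <path> (<label>) -> <action>[.]
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<label>[^()]+)\) (?:->|→) (?P<action>.+?)\.?$",
    re.MULTILINE,
)
HEADER = {
    "version": re.compile(r"Anti-Malware (\d[\d.]*)"),
    "database": re.compile(r"^Database version: (\d+)", re.MULTILINE),
}


def parse_header(text):
    """Return header fields; None means the field was cut from the pasted log."""
    found = {}
    for name, rx in HEADER.items():
        m = rx.search(text)
        found[name] = m.group(1) if m else None
    return found


def parse_detections(text):
    """Return (path, label, action) for every file detection line."""
    return [(m["path"], m["label"], m["action"]) for m in DETECTION.finditer(text)]


def upload_candidates(detections):
    """Group paths by (file name, label); the first path in each group is the
    copy to restore, rescan and upload. Same name is assumed to be same file."""
    groups = {}
    for path, label, _action in detections:
        groups.setdefault((basename(path).lower(), label), []).append(path)
    return groups


if __name__ == "__main__":
    print(parse_header(SAMPLE_LOG))
    for key, paths in upload_candidates(parse_detections(SAMPLE_LOG)).items():
        print(key, "->", paths[0], f"(+{len(paths) - 1} duplicate location)")
```
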