Today malwarebytes detected something that avast did not and was able to remove it. I am wondering if someone could help me figure out if I am clean.
will upload otl files later
thanks in advance for any assistance
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.01.05
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Biohazard :: BIOHAZARD-PC [administrator]
8/29/2012 9:45:55 AM
mbam-log-2012-08-29 (09-45-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188179
Time elapsed: 2 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
this is from a quick scan
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Biohazard\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) → Quarantined and deleted successfully.
(end)
this is from a full scan
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Biohazard :: BIOHAZARD-PC [administrator]
8/29/2012 8:52:41 PM
mbam-log-2012-08-29 (20-52-41).txt
Scan type: Full scan (C:|D:|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317026
Time elapsed: 39 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
For some reason OTL didn’t generate the extras file, so I ran it again to make sure, but it still didn’t create it. I attached the log that was created.
here is the asw log
that reason is that Extras.txt is only created the first time OTL is run … so I guess you have run it before
anyway that log is not important
No apparent malware there. Are you experiencing any problems?
oh so extras only appears the first time? now it makes sense
no malware in my system? sounds excellent.
The reason I ran a scan was because Firefox blocked me from Google, saying it was untrusted, and I read on the web that maybe my browser had been compromised, so I got concerned. I ran a scan with Avast and nothing came up, then I ran a scan with Malwarebytes and it found that exploit.
thank you very much for taking the time to look into my problem. Appreciate your great work.
The infection came back, what do I do? I am starting to think there might be something hidden on my system that is bringing it back. Please help me figure out what's going on.
I scanned with Malwarebytes today and it gave me this; nothing came up in Avast:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.07.09
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Biohazard :: BIOHAZARD-PC [administrator]
9/7/2012 10:14:05 AM
mbam-log-2012-09-07 (10-14-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193193
Time elapsed: 2 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Biohazard\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) → Quarantined and deleted successfully.
(end)
here is a new otl log
here is the last log
On mui files
“Explanation:
Unlike previous versions of Windows, the code Binaries that are used to build Windows 7 are Language Neutral. This means that at least one Language Pack must be installed that defines the Base Language for that version of Windows 7. The base language cannot be uninstalled.
These .MUI files are the language pack files.”
Seems to be a false positive by Malwarebytes. Such things do happen. Of course, there is no guarantee that your services.exe.mui is legit.
OK, let's empty the temporary files
Clear Cache/Temp Files
- Download TFC by OldTimer to your desktop.
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it’s finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
ok will do
Attach the logs in this thread
I am not sure if it restarted, but when it finished it went black and got me back to the Windows log in screen. Does that mean it restarted? Also, where are the logs? All I see on the desktop are two desktop.ini files.
are these the logs? I had to convert the ini files to notepad before uploading them
Sorry, the previous reply was not meant for you; it was for another thread :-[
How is the computer behaving now… TFC will not generate a log
Did the OTL log and asw show that I am clean? My system seems fine, but I am not really sure how to tell if it was an fp from Malwarebytes.
I can see no sign of malware