Trojan Downloader + Everytime I scan with MBAM, Windows Defender detects...

Well this isn’t too big of a deal, just a trojan.agent found by MBAM and it was successfully removed (I had to restart my computer) I’d imagine because I scanned again with MBAM again and it was gone. But here’s the MBAM log for the trojan.agent:

Malwarebytes’ Anti-Malware 1.45
www.malwarebytes.org

Database version: 3934

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/30/2010 3:49:50 PM
mbam-log-2010-03-30 (15-49-50).txt

Scan type: Quick scan
Objects scanned: 107100
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{8ecc055d-047f-11d1-a537-0000f8753ed1} (Trojan.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

But every time I scan with MBAM Windows Defender tells me that changes have been made to my computer.
The program that “changes” things is Malwarebyte’s company, so I know it’s safe, but why does it do this? Is there anyway to stop Windows Defender from telling me this?

Also, Windows Defender blocked some “pop-Up” from my printer (Or maybe it was Malwarebytes Anti-Malware) … But I’m not sure.
Here’s what pop-up it blocked:

File Name: lxdpmon.exe
Display Name: lxdpmon
Description: Printer Device Monitor
Publisher: Publisher Not Available
Digitally Signed By: Thawte Code Signing CA
File Type: Application
Startup Value: “C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe”
File Path: C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
File Size: 656040
File Version: 0.1.25.0
Date Installed: 12/28/2008 5:37:03 PM
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Permitted
Ships with Operating System: No
SpyNet Voting: Not applicable

Sorry for the trouble. Feel free to help others first, my “problem” isn’t a big deal.
Thank you for your trouble and thanks in advance!
;D

But every time I scan with MBAM Windows Defender tells me that changes have been made to my computer. The program that "changes" things is Malwarebyte's company, so I know it's safe, but why does it do this? Is there anyway to stop Windows Defender from telling me this?
I think you should report this at Malwarebytes forum so the MBAM team can look at it

http://forums.malwarebytes.org/

Hi Pondus,

Searching for the GUID gets you here to info on a rootkit backdoor
http://www.threatexpert.com/report.aspx?md5=1901f9375b0d61d8b4e5be30103b76c1
and
http://vil.nai.com/vil/content/v_137387.htm

polonus

Thank you both for the replies. :slight_smile:

polonus in the first link you posted it says that the severity level is high, but in the second link it says:

Risk Assessment

Corporate User
Low
Home User
Low

Is the virus/malware I got dangerous? I should have quarantined it with MBAM though, right?

Thank you both.