understanding Malwarebytes info

Hi :slight_smile: ,

I had no malware or spyware software so as I was advised in this forum I installed Malwarebytes’ Anti-Malware. But I find no instructions for this program and I don’t know what to do with what was found after the first scan :-\ … I don’t quite understand the information it gives me.

After the scan the results window shows two results:
| vendor | category | items | other |
|---|---|---|---|
| Backdoor.Bot | Registry Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update | Value:Windows Update |
| Hijack.System.Hidden | Registry Data | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue | Bad:(0) Good:(1) |

These seem like something that’s OK… but I don’t really know…

and now I’m just being curious but what does it mean: HKEY ?

It is a bit hard to determine the context so please post a full log like so

Malwarebytes' Anti-Malware 1.33
Database version: 1714
Windows 5.1.2600 Service Pack 3

2/2/2009 7:00:07 AM
mbam-log-2009-02-02 (07-00-07).txt

Scan type: Quick Scan
Objects scanned: 45887
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) 
and now I'm just being curious but what does it mean: HKEY ?
HKEY refers to an item in the registry.

:slight_smile: Hi Spif :

When it comes to Malwarebytes, best to ask on their Support Forums at
www.malwarebytes.org/forums/ . And based on WHAT you asked here on
Avast, probably would be best to ask SPECIFICALLY at
www.malwarebytes.org/forums/index.php?s=1f86e283a327ee17219ecb60c56776f7&showforum=41 .

hey :slight_smile: ,

thanks, I’ll try their forum. and YoKenny: I tried to post the log as an image attached but it was too large and to post images is complicated because it shows the codes and then I don’t know what to do with it… :-[ but thanks anyway!

Why bother with an image when you can attach the log file, which is only a few KB in size or copy and paste the contents of the log. You don’t have to get too creative.

  • When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

;D eheh, thanks David …hum I think I got it - both the image/attachment stuff and the log.

::slight_smile: still in case you’re curious here’s the log, but I’ve already got an answer to my post in the malwarebytes forum - a nice advice from you. I’m getting addicted for a newbie in forums! 8)

```
Malwarebytes’ Anti-Malware 1.33
Database version: 1723
Windows 5.1.2600 Service Pack 3

04-02-2009 2:53:31
mbam-log-2009-02-04 (02-53-31).txt

Scan type: Quick Scan
Objects scanned: 57005
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update (Backdoor.Bot) → Not selected for removal.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) → Bad: (0) Good: (1) → Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
```

Forums can be addicting and a vast fountain of knowledge.

I wonder if putting in a log might be easier if you use Code which is the # icon

 Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 3

2/5/2009 1:07:58 AM
mbam-log-2009-02-05 (01-07-58).txt

Scan type: Quick Scan
Objects scanned: 51183
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) 

When the log is opened with Notepad go to Edit then Select all (Ctrl+A) then copy (Ctrl+C) then paste (Ctrl+V) the log so that you do not have to create an image of a text file.

I think the real issue was putting the log data inside my quoted text rather than after the end, though this you will learn.

In view of the registry entries (you should select for removal and click the Remove Selected button, see image):

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update (Backdoor.Bot) -> Not selected for removal.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) → Bad: (0) Good: (1) → Not selected for removal.

These aren’t actually a huge issue as they are just settings that could help hide/aid malware, so you should run an MBAM scan and allow MBAM to correct the entries, it doesn’t actually remove them.
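
Added example (not part of the original posts, and not Malwarebytes' own code): a Python sketch that reads an MBAM text log in the format posted in this thread, collects the per-category counts, and lists the detections that were reported but left as "Not selected for removal". The function names are hypothetical and the line format is assumed from the logs shown here; the sample is abbreviated from the log above.

```python
import re

# Sample abbreviated from the log posted in this thread ("->" or "→" both accepted).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.33
Database version: 1723

Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\Windows Update (Backdoor.Bot) -> Not selected for removal.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Not selected for removal.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # "Registry Values Infected: 1"
SECTION = re.compile(r"^(.+ Infected):$")         # "Registry Values Infected:"
# "<item> (<detection name>) -> [Bad/Good data ->] <action>"
ITEM = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.\-]+)\) (?:->|→) (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (summary counts, list of detection dicts) from an MBAM text log."""
    counts, detections, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            parts = re.split(r" (?:->|→) ", m.group("rest"))
            detections.append({"section": section, "item": m.group("item"),
                               "name": m.group("name"), "detail": parts[:-1],
                               "action": parts[-1].rstrip(".")})
    return counts, detections

def unremediated(detections):
    """Detections the scan reported but the user left in place."""
    return [d for d in detections if d["action"].lower().startswith("not selected")]
```

On the sample, both registry entries come back from `unremediated()`, which matches the advice above to select them and let MBAM correct them.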

sorry :-[ this time it’s ok. nice drawing explanation :wink:

03-02-2009 23:42:58	SYSTEM	1960	The virus database (VPS 090203-1) was automatically updated.  
04-02-2009 1:30:40	SYSTEM	1960	VRDB (Virus Recovery Database) generation was successfully completed.  
04-02-2009 22:48:40	SYSTEM	1932	The virus database (VPS 090204-0) was automatically updated.  
06-02-2009 1:54:48	SYSTEM	1932	The virus database (VPS 090205-1) was automatically updated.  
06-02-2009 22:48:41	SYSTEM	1936	The virus database (VPS 090206-0) was automatically updated.  

eheh ;D got this one too!

thanks to you two :-*

Hi spif,

Because the size of the txt file for a posting can be a bit limiting, it is good custom to give logfile txts of scanners like MBAM, SAS, ComboScript or HJT for that matter as an added txt file to the posting, you will find that under Additional Options, so the analysis can be opened, cut and pasted by the malware fighter,

polonus

P.S. gave an example below…

:wink: I see, like with images. I got it. I’m a fast learner ;D

The Notice level of logging is too low; the information contained isn’t of a serious nature. The Warning log is the one where avast stores the information on avast detections.

:slight_smile: yes, I know. but all the other logs are empty at the moment… that was the only one with some information, so I used it for e.g.

OK I didn’t grasp that you were using it to test how to use the feature in the forums.

If you want to test something, you can also use the Preview button, that shows if you have got the functionality right first before posting. In the case of just doing a test, having got it working you can also abort the post, close the topic window/tab.

:wink: OK. I won’t be posting for tests anymore, then. :-X

the preview button is very handy :). also I didn’t know that about aborting…

  1. now that I’ve also started using the search function I’ll search for similar problems before posting anything! ::slight_smile:

Thanks everyone for helping me start with these forum participation details :-*

You’re welcome.

It was more to make you aware of the useful function, I use it a lot to check layout, when using complex quotes within quotes, etc.