rogue AV cannot remove


4 replies to this topic

#1 mw74

mw74

  • Members
  • 16 posts
  • Gender:Male
  • Location:UK

Posted 15 January 2012 - 12:16 PM

Hi there,
Scanning with MBAM shows 2 infections; after following the removal instructions and rescanning, the threats remain. I can't see any other indications that my system is infected.
Win 7 64-bit
Comodo CIS
Webroot SecureAnywhere AV
Comodo DNS
MBAM + Hitman Pro "on demand"


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mark :: MARK-PC [administrator]

Protection: Enabled

1/15/2012 4:52:33 PM
mbam-log-2012-01-15 (16-52-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 203097
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

Edited by mw74, 15 January 2012 - 12:28 PM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 January 2012 - 12:39 PM

(Rogue.AntiVirusPC2009) -> Delete on reboot.

Restart the PC and run a scan again. Your MBAM log should be clean.

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Good luck

Edited by narenxp, 15 January 2012 - 12:40 PM.


#3 mw74

mw74
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:UK

Posted 15 January 2012 - 01:29 PM

OK, the MBAM scan still finds threats. After looking at the GMER results, I think MBAM might be getting "hits" from the CIS quarantine?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 18:25:36
Windows 6.1.7601 Service Pack 1
Running: 00kmnles.exe


---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2F40AF3B-5A95-49F5-905C-47655A9332DA.data 68 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2F40AF3B-5A95-49F5-905C-47655A9332DA.data.info 118 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6546E721-F0C3-4B74-83D2-5E8F7A28C1DA.data 451584 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6546E721-F0C3-4B74-83D2-5E8F7A28C1DA.data.info 198 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B6C17598-5E6F-44AE-B0B4-321A21D24864.data 462848 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\B6C17598-5E6F-44AE-B0B4-321A21D24864.data.info 118 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F33AD8D5-4FDC-4273-9D05-55B27647BE89.data 462848 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F33AD8D5-4FDC-4273-9D05-55B27647BE89.data.info 198 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----

#4 mw74

mw74
  • Topic Starter

  • Members
  • 16 posts
  • Gender:Male
  • Location:UK

Posted 15 January 2012 - 01:50 PM

OK, thanks for your time.
Cleared the CIS quarantine and rescanned with MBAM: all clear. Not sure if MBAM should find threats that have previously been quarantined, but happy this is now resolved :thumbup2:
Thanks again, MW
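The two things this thread turned on, a scanner flagging paths that sit inside another product's quarantine, and a "Delete on reboot" that may or may not have gone through, can be checked from a PowerShell prompt on the affected machine. The script below is an added example, not part of this thread and not code from Malwarebytes, Comodo or GMER. It assumes the MBAM log line format shown in the post above (`<path> (<detection>) -> <action>`), assumes the default CIS quarantine folder seen in the GMER output, and assumes that a delayed delete is queued through the standard Windows PendingFileRenameOperations registry value (the MoveFileEx delay-until-reboot mechanism); whether MBAM 1.60 uses exactly that mechanism is an assumption, not something the thread confirms. The sample log lines are constructed from the post plus one hypothetical entry.

```powershell
# Added example (not from the thread or from Malwarebytes/Comodo/GMER).
# For each MBAM detection line: is the path inside another product's quarantine,
# does it still exist on disk, and is a delayed delete still queued for it.

function Get-PendingDeletes {
    # Assumption: delayed deletes live in PendingFileRenameOperations, a REG_MULTI_SZ
    # of source/destination pairs where an empty destination means "delete at boot".
    # Sources carry a \??\ NT path prefix, which is stripped here.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $ops = @((Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                -ErrorAction SilentlyContinue).PendingFileRenameOperations)
    $deletes = @()
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $src = ($ops[$i] -replace '^\\\?\?\\', '')
        $dst = if ($i + 1 -lt $ops.Count) { $ops[$i + 1] } else { '' }
        if ($src -and [string]::IsNullOrEmpty($dst)) { $deletes += $src }
    }
    return $deletes
}

function Get-MbamDetectionStatus {
    param(
        [string[]]$LogLines,        # "Folders Detected" / "Files Detected" lines from mbam-log
        [string[]]$QuarantineRoots  # quarantine folders of other installed products
    )
    $pending = Get-PendingDeletes
    foreach ($line in $LogLines) {
        # Greedy path match so "(x86)" inside the path does not get taken as the detection name.
        if ($line -match '^(?<path>.+) \((?<name>[^()]+)\) -> (?<action>.+)$') {
            $path = $Matches.path
            $inQuarantine = $false
            foreach ($root in $QuarantineRoots) {
                if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inQuarantine = $true
                }
            }
            # A queued delete for the path itself or for anything beneath it.
            $pendingHere = @($pending | Where-Object {
                $_.StartsWith($path, [System.StringComparison]::OrdinalIgnoreCase) })
            # New-Object rather than [pscustomobject] so this runs on the PowerShell 2.0 shipped with Win 7.
            New-Object PSObject -Property @{
                Path          = $path
                Detection     = $Matches.name
                Action        = $Matches.action
                InQuarantine  = $inQuarantine
                StillOnDisk   = (Test-Path -LiteralPath $path)
                PendingDelete = ($pendingHere.Count -gt 0)
            }
        }
    }
}

# Constructed sample: the two lines from the MBAM log above, plus one hypothetical line
# pointing at a file inside the Comodo quarantine listed in the GMER output.
$sample = @(
    'c:\program files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.',
    'c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.',
    'C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6546E721-F0C3-4B74-83D2-5E8F7A28C1DA.data (Rogue.AntiVirusPC2009) -> Quarantined and deleted successfully.'
)
# Assumption: default CIS quarantine location; add other products' quarantine folders as needed.
$roots = @('C:\Program Files\COMODO\COMODO Internet Security\Quarantine')

Get-MbamDetectionStatus -LogLines $sample -QuarantineRoots $roots |
    Format-Table Path, Detection, Action, InQuarantine, StillOnDisk, PendingDelete -AutoSize
```

Reading the output: a row with InQuarantine = True is another scanner's already-neutralised copy, which is what the CIS quarantine hits in this thread were; clearing that product's quarantine removes the detection without any live infection having been present. A "Delete on reboot" row that, after a reboot, still shows StillOnDisk = True and PendingDelete = False means the delayed delete was never carried out, which is the other way a rescan keeps reporting the same folder.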

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 January 2012 - 07:43 PM

You're welcome :thumbup2:

Edited by narenxp, 15 January 2012 - 07:44 PM.
