| Thread ID: 97593 | 2009-02-21 00:02:00 | What am I doing wrong with MalwareBytes? | tuiruru (12277) |
| Post ID | Timestamp | Content | User | ||
| 749866 | 2009-02-21 00:02:00 | Having seen the number of links for the above software in contributors' signature panels I decided to try the above software. On the first scan I was really impressed because it seemed to pick up a lot of stuff that similar programs had missed. However, on the last 4 or 5 scans it has picked up the same 66 "iffies" (samples below) and despite me asking for them to be removed they still appear on the next scan even after reboot. Sample results are: C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> Not selected for removal. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Delete on reboot. C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot. C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot. C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot. C:\Users\Default\Application Data\Microsoft\Windows\rayio.exe (Adware.WinButler) -> Delete on reboot. C:\Users\Default\Start Menu\Programs\Startup\AntiSpyware Protector.lnk (Rogue.AntiSpyware) -> Delete on reboot. Are these false positives? Most of the entries seem to be in the c:\Users\Default > subfolders. If they are false positives should I flag them as "ignore"? I'm using Vista Home Premium SP 1. Thanks |
tuiruru (12277) | ||
| 749867 | 2009-02-21 00:17:00 | Soon find out: click on Remove Selected, then it'll prob tell you to reboot. Then scan again. Do a check on Google for those filenames, that'll tell you what they are. I checked rayio.exe, it's definitely malware. |
Speedy Gonzales (78) | ||
| 749868 | 2009-02-21 00:32:00 | Steps to take. Turn off System Restore - they could be reinfecting on reboot. Download and run CCleaner. Run Malwarebytes. Download and run Spyware Terminator (in my sig) - in Spyware Terminator, make sure you update the files to the latest, select Settings (up top) - on the left select Scan Settings - put ticks in the two boxes that are left unticked. ALWAYS run the programs in FULL scan mode. Also get Trojan Remover from Speedy's sig and run that. NO one antispyware program gets everything - there have been countless times I have had to run various programs several times to clean out PCs. EDITED: get Super Antispyware as well, and run that - full scan mode. |
wainuitech (129) | ||
| 749869 | 2009-02-21 01:38:00 | Hi Speedy, I've done that six times - makes no difference. Hi WainT, I've disabled System Restore, run MBYtes, told it to remove the problems, rebooted and they're still apparently there. I've got Super Antispyware, Spybot, Avast AV Home, Ashampoo Antispyware. I uninstalled Spyware Terminator this morning cos it was conflicting with one of the others, but that was only AFTER I'd run it and discovered this problem. I'll update all the file sigs and run everything on full scan as recommended as well as getting Trojan Remover. Is there any particular order I should do this in? Thanks |
tuiruru (12277) | ||
| 749870 | 2009-02-21 01:48:00 | Shouldn't really matter - but usually I go like this: CCleaner, then Nod32 Antivirus, Trojan Remover, Malwarebytes, Spyware Terminator, Super Antispyware, Spybot S&D, Spyware Doctor (sometimes - depending on what the others find) & Hijackthis to double check. Then repeat Malwarebytes & Spyware Terminator - if they still find any after that lot - there's a couple of others I also use or sometimes have to manually remove them. |
wainuitech (129) | ||
| 749871 | 2009-02-21 02:19:00 | Thanks WainT - I'll try that. Have you got any opinions on Comodo Registry Cleaner vs CCleaner? |
tuiruru (12277) | ||
| 749872 | 2009-02-21 02:41:00 | Hi WainT I've been following the links. Has CCleaner transmuted itself into Registry Mechanic cos that's what the links suggest? |
tuiruru (12277) | ||
| 749873 | 2009-02-21 02:42:00 | Comodo would remove more than CCleaner as it goes further. I would try Glary Utilities, it's not bad. There's a free version. |
Speedy Gonzales (78) | ||
| 749874 | 2009-02-21 02:48:00 | Delete on reboot means it can't remove them because they are active. If running it or others again in Safe Mode won't remove them, then remove them manually - you have the path. | pctek (84) | ||
| 749875 | 2009-02-21 03:00:00 | "Hi WainT I've been following the links. Has CCleaner transmuted itself into Registry Mechanic cos that's what the links suggest?" Nope, the link's fine. Just tried it (www.imagef1.net.nz) from my sig, the next page I select Download from Filehippo, or here is FileHippo's (www.filehippo.com). "Have you got any opinions on Comodo Registry Cleaner vs CCleaner" Never used Comodo Reg Cleaner - I use CCleaner's if I do any, as far as I'm concerned Comodo's is still too new - and I have seen MANY times people's reg screwed up with some regcleaners. Not to say Comodo's is bad - just rather use one I trust. |
wainuitech (129) | ||
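
Added example, not part of any post in this thread: a small Python parser for the Malwarebytes result lines quoted in the first post, which groups them by the reported action (including the "Delete on reboot" status discussed above), finds the folder they all share, and reports which detections recur between two scans. The line format is inferred from those quoted samples, and the function names are made up for this example.

```python
import ntpath
import re
from collections import defaultdict

# Result lines quoted in the first post of this thread.
SCAN = r"""
C:\Users\Default\Application Data\Google\spcffwl.dll (Trojan.FakeAlert) -> Not selected for removal.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\pg32.exe (Rogue.InternetAntivirus) -> Delete on reboot.
C:\Users\Default\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Default\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot.
C:\Users\Default\My Documents\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.
C:\Users\Default\Local Settings\Application Data\Microsoft\Windows\sav.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Users\Default\Application Data\Microsoft\Windows\rayio.exe (Adware.WinButler) -> Delete on reboot.
C:\Users\Default\Start Menu\Programs\Startup\AntiSpyware Protector.lnk (Rogue.AntiSpyware) -> Delete on reboot.
"""

# "<path> (<detection>) -> <action>." The path is greedy so "(x86)" inside it survives.
LINE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_log(text):
    """Return one dict (path, name, action) per result line; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def by_action(rows):
    """Group file paths by the action the scanner reported for them."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["action"]].append(r["path"])
    return dict(groups)

def persistent(earlier, later):
    """Rows of `later` whose path (compared case-insensitively) was in `earlier`."""
    seen = {r["path"].lower() for r in earlier}
    return [r for r in later if r["path"].lower() in seen]

def common_root(rows):
    """Deepest folder shared by every flagged path (Windows path rules)."""
    return ntpath.commonpath([r["path"] for r in rows])

if __name__ == "__main__":
    rows = parse_log(SCAN)
    for action, paths in by_action(rows).items():
        print(f"{action}: {len(paths)}")
    print("common root:", common_root(rows))
```

Feeding `persistent()` the parsed logs of two consecutive scans lists exactly the entries that survived the removal attempt and reboot in between.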