  1. #1
    Steph (Member)
    Join Date: Oct 2004; Location: London, UK; Posts: 882; Points: 53

    MalwareBytes scan results

    Well, whaddya know - it's Sunday ...

    Malwarebytes has flagged the following on a full scan, which it says are all Adware.BHO. The thing is, I'd used CCleaner immediately before running the scan and cleared all cookies, etc. Do I delete or just ignore?

    C:\Program Files\FileHippo.com\Uninstall.exe

    C:\System Volume Information\restore{4488DE73-09D1-A8F7-F1EDDB4EB85D}\RP71\A0034328.exe

    and 3 more which differ only in the last two numbers of the .exe
    .45.exe
    .50.exe
    .69.exe


    Thank you

    Steph
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

  2. #2
    zep516 (Member, Spyware Fighter)
    Join Date: Dec 2005; Location: Pittsburgh, Pa; Posts: 5,820; Points: 1029

    Could you post the entire log?




    Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.

  3. #3
    Steph

    Thanks zep, here it is :

    Malwarebytes' Anti-Malware 1.40
    Database version: 2717
    Windows 5.1.2600 Service Pack 2

    30/08/2009 19:24:38
    mbam-log-2009-08-30 (19-24-32).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 166366
    Time elapsed: 34 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

  4. #4
    zep516

    I can't answer the first question; it looks like it is old System Restore stuff from something prior. Currently the log looks OK; evil or someone else may give a better answer.





  5. #5
    Steph

    OK, I'll wait for a reply. Thanks

    5 minutes later ...
    Oh bummer - I just clicked on Ignore thinking it would close Malwarebytes down until I received a reply and it's removed one of the entries to the Ignore list - how do I get it back again so I can do something about it? Not that I know what to do about it until EF replies but still ...
    Last edited by Steph; 08-30-2009 at 02:47 PM.

  6. #6
    MrDarn (Member)
    Join Date: Jul 2007; Location: South East Northumberland; Posts: 2,955; Points: 557

    Open MalwareBytes
    Click the Ignore List tab
    Select item, then click remove
    Always remember you're unique.


    ...Just like everyone else!
    If your problem is solved, here's how to say thanks!

    Windows XP
    Windows Vista
    Windows 7

  7. #7
    Steph

    Hi Mr Darn - where does it remove it to please - or does clicking Remove actually delete it? Because we don't know what to delete yet ...

  8. #8
    MrDarn

    It doesn't actually delete it, it just removes the entry from the ignore list.

    The ignore list basically just skips that item if it's found in the next scan, and is used for false positives, or files unknown to the community, but which you know are safe and wish to be left out of the next scan results.

    For the basic user, I believe nothing should be in the ignore list, but that's a personal choice.

    EDIT: so... in conclusion... remove the entry from the ignore list, then do another scan, and it'll re-appear

  9. #9
    Steph

    Hi Mr Darn

    I wasn't sure if clicking on Remove would delete the item entirely rather than just removing it from the Ignore list, so thanks for clarifying that.

    A re-scan shows they're all still there - so if anyone knows whether they're safe to delete or not ..?

    Thanks
    Steph

  10. #10
    arraknid (Moderator, Forum Moderator)
    Join Date: Dec 2006; Location: France; Posts: 6,154; Points: 1293; Blog Entries: 4

    Those files are situated in System Restore folders situated in the System Volume Information folder. If they were malware, they would have been removed from the system in previous scans.

    The most likely explanation of the entries is that they are executable versions of software that was installed when that restore point was created. For instance, if you were to install a program which automatically sets a restore point, its executable would be stored in the restore point folder together with all necessary registry entries. Windows stores those executables using the file naming sequence you see in the log... A0004491.exe for example.

    You could gain access to the System Volume Information folder and see what the actual executable file name is, but it's not really somewhere you should be going.

    Two options...set MBAM to ignore the files in future, as it's 99.9% sure they are false positives, or clean out all of the System Restore files. To do that turn off SR, restart the computer, then re-enable SR again. That will give you no restore points to go back to, so maybe just setting to ignore is the better option.
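
Added example, not part of any post in this thread: a small triage script that separates flagged files sitting in System Restore restore-point folders (the `RPnn\Annnnnnn.ext` naming described in post #10) from files on the live file system, so the two groups can be decided on separately. The result-line layout `<path> (<detection>) -> <action>` and all sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# XP System Restore backups live at
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<7 digits>.<ext>
# The underscore is optional here because the path quoted in the thread omits it.
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_?restore\{[0-9A-Fa-f-]+\}"
    r"\\RP(?P<rp>\d+)\\(?P<name>A\d{7}\.\w+)$",
    re.IGNORECASE,
)
# Assumed result-line layout: "<path> (<detection>) -> <action>"
RESULT_RE = re.compile(r"^(?P<path>.+?) \((?P<det>[^()]+)\) -> (?P<action>.+)$")


def triage(lines):
    """Return ({restore point number: [backup names]}, [(live path, detection)])."""
    restore, live = defaultdict(list), []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        # Accept bare paths too, as pasted in the first post.
        path, det = (m["path"], m["det"]) if m else (line, None)
        r = RESTORE_RE.match(path)
        if r:
            restore[int(r["rp"])].append(r["name"])
        else:
            live.append((path, det))
    return dict(restore), live


# Constructed sample lines (placeholder GUID and file names, not from the thread).
GUID = "{00000000-0000-0000-0000-000000000000}"
SVI = "C:\\System Volume Information\\_restore" + GUID
SAMPLE = [
    "C:\\Program Files\\ExampleApp\\Uninstall.exe (Adware.BHO) -> No action taken.",
    SVI + "\\RP71\\A0000001.exe (Adware.BHO) -> No action taken.",
    SVI + "\\RP71\\A0000002.exe (Adware.BHO) -> No action taken.",
    SVI + "\\RP72\\A0000003.exe (Adware.BHO) -> No action taken.",
]

if __name__ == "__main__":
    restore, live = triage(SAMPLE)
    for rp, names in sorted(restore.items()):
        print(f"RP{rp}: {len(names)} restore-point copy(ies): {', '.join(names)}")
    for path, det in live:
        print(f"LIVE: {path} [{det}]")
```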
