Did you do the ESET Online Scanner?
Just run it. No threats found.
Fabian
Did you do the ESET Online Scanner?
Just run it. No threats found.
Fabian
fabianslo,
You need to go back into MBA-M Quarantine Tab and restore ALL these files removed if possible;
:\Program Files\Microsoft Works\cpitv11.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Works\pibase11.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\MATLAB71\toolbox\compiler\mcr\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\MATLAB71\toolbox\datafeed\datafeed\bbdatafeed.mexw32 (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\MATLAB71\toolbox\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> Quarantined and deleted successfully.Then go to http://virusscan.jotti.org/en
Upload each of those files for scanning. Report back on what is found for each one.
I did this too. None of the 21 scanners found anything in any of the 5 files. I have thus left them in restored status. What about the registry key that MBA-M deleted? Should I restore that as well?
There is only one on that last log. Just hang onto it for now. Don't remove it from Quarantine yet. I am submitting this info to MBA-M. You may need to restore that ONE. The only removals in question were those in that last scan that had items to remove. None of the other scans are in question. But don't clean out any of the quarantine files yet either. I will get back to you on this one as soon as I can.
Can you do the following for me?
1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.
Judy
I would also like you to do the following, after that developer log.
Right click on your desktop and choose New Folder. A new folder will appear on the desktop.
Go to My Computer. Double click to open. Then double click "C" Drive to open that. Then go to Program Files. Double Click to open. Scroll down until you find the Microsoft Works folder. Double click to open that folder. Scroll through there until you find cpitv11.dll Right Click on it and choose Copy. Then go to the new folder on your desktop and open it. Place your cursor anywhere in there and Right Click and choose Paste. A copy of that file will be pasted into the folder.
Next do the same thing...locate another program folder, this one is going to be located in the MATLAB71 folder. Open that folder. You should see other folders in there this time open the toolbox folder. When that opens there will be more folders. Open the datafeed folder. When that opens you will again see other folders. In there again you should see another datafeed folder. Open that one. This time the file you need to Right Click and copy to that new folder on the desktop is bbdatafeed.mexw32
Close all that out. Hold that New Folder on your desktop until I request it. MBA-M first requested that these be put into a folder and zipped and then sent to them but now they want to wait until they see the developer log so we will wait to see if they request them again. If they do all you'll have to do is zip the folder and upload it here and I will transfer it to them.
I would also like you to do the following, after that developer log.
Right click on your desktop and choose New Folder. A new folder will appear on the desktop.
Go to My Computer. Double click to open. Then double click "C" Drive to open that. Then go to Program Files. Double Click to open. Scroll down until you find the Microsoft Works folder. Double click to open that folder. Scroll through there until you find cpitv11.dll Right Click on it and choose Copy. Then go to the new folder on your desktop and open it. Place your cursor anywhere in there and Right Click and choose Paste. A copy of that file will be pasted into the folder.
Next do the same thing...locate another program folder, this one is going to be located in the MATLAB71 folder. Open that folder. You should see other folders in there this time open the toolbox folder. When that opens there will be more folders. Open the datafeed folder. When that opens you will again see other folders. In there again you should see another datafeed folder. Open that one. This time the file you need to Right Click and copy to that new folder on the desktop is bbdatafeed.mexw32Close all that out. Hold that New Folder on your desktop until I request it. MBA-M first requested that these be put into a folder and zipped and then sent to them but now they want to wait until they see the developer log so we will wait to see if they request them again. If they do all you'll have to do is zip the folder and upload it here and I will transfer it to them.
Run the developer scan. Now only the matlab files were detected. Here is the log.
Malwarebytes' Anti-Malware 1.41
Database version: 2804
Windows 6.0.6001 Service Pack 1
9/20/2009 10:57:32 AM
mbam-log-2009-09-20 (10-57-24).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 445525
Time elapsed: 4 hour(s), 25 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\MATLAB71\toolbox\compiler\mcr\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> No action taken. [4948455830466677886683701549666876708301070701524259383020192423250107070155385152424847303934455238010707015253514247405230212526130124212322242524213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232322419232123182421231832323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232232123182421231832323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323224192322233623392320323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232211901070701525351424740523019191924191301171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717170107070152535142474052301926232019130117171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717]
C:\Program Files\MATLAB71\toolbox\datafeed\datafeed\bbdatafeed.mexw32 (Malware.Packer) -> No action taken. [4948455830466677886683701549666876708301070701524259383020192423250107070155385152424847303934455238010707015253514247405230212526130124212322242524213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232322419232123182421231832323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232232123182421231832323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323224192322233623392320323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232211901070701525351424740523019191924191301171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717170107070152535142474052301926232019130117171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717]
C:\Program Files\MATLAB71\toolbox\matlab\verctrl\verctrl.mexw32 (Malware.Packer) -> No action taken. [4948455830466677886683701549666876708301070701524259383020192423250107070155385152424847303934455238010707015253514247405230212526130124212322242524213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232322419232123182421231832323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232232123182421231832323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323224192322233623392320323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232211901070701525351424740523019191924191301171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717170107070152535142474052301926232019130117171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717]
Thanks! Have sent this onto MBA-M and I will let you know what they come up with. Thanks for hanging in there with me on this!
Judy
Do me another favor. Can you save this log as a Word Document and attach it here? I cannot seem to get the full log to copy. Thanks!
Con'tyou do the Word Document attachment of the OLD log. Please Update MBA-M and do a new Developer scan with it and attach THAT new scan ok?
They believe they have it fixed but need to see a log from somebody who was receiving both of these findings. So Update MBA-M...the new database is 2832. So update to that and then do another developer log and attach it ok?
Here are instructions again for getting the developer log;
1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.
Con'tyou do the Word Document attachment of the OLD log. Please Update MBA-M and do a new Developer scan with it and attach THAT new scan ok?
They believe they have it fixed but need to see a log from somebody who was receiving both of these findings. So Update MBA-M...the new database is 2832. So update to that and then do another developer log and attach it ok?
Here are instructions again for getting the developer log;
1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.
Attached
Con'tyou do the Word Document attachment of the OLD log. Please Update MBA-M and do a new Developer scan with it and attach THAT new scan ok?
They believe they have it fixed but need to see a log from somebody who was receiving both of these findings. So Update MBA-M...the new database is 2832. So update to that and then do another developer log and attach it ok?
Here are instructions again for getting the developer log;
1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.
This means that these files are false positives. Should I then restore them? I will try to do the new developer scan tonite.
Yes, please restore them all prior to the scan.
Yes, please restore them all prior to the scan.
I restored the files. Updated and indeed nothing was detected this time. What about that registry key? It is still in quarantine.
Here is the log:
Malwarebytes' Anti-Malware 1.41
Database version: 2837
Windows 6.0.6001 Service Pack 1
9/22/2009 12:00:38 PM
mbam-log-2009-09-22 (12-00-38).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 445881
Time elapsed: 4 hour(s), 24 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
What about that registry key? It is still in quarantine.
Yes, restore it too. Then update MBA-M and please do the developer log again so I can send it onto MBA-M
Yes, restore it too. Then update MBA-M and please do the developer log again so I can send it onto MBA-M
ok, this is the final developer log after resting all false positives and updating:
Malwarebytes' Anti-Malware 1.41
Database version: 2908
Windows 6.0.6001 Service Pack 1
10/5/2009 10:03:26 PM
mbam-log-2009-10-05 (22-03-26).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 450781
Time elapsed: 4 hour(s), 32 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I will say "assume" it is the final chapter. Since you didn't respond for 13 days honestly I cannot say. If the computer is running well then I guess consider it closed. But to really be certain a computer is cleaned a one must really continue immediately until all things are clear. Mark this closed.
I will say "assume" it is the final chapter. Since you didn't respond for 13 days honestly I cannot say. If the computer is running well then I guess consider it closed. But to really be certain a computer is cleaned a one must really continue immediately until all things are clear. Mark this closed.
hahaha. i'm an economist. this does not even count as an assumption. :) thank you very much for all your help.
hahaha. i'm an economist. this does not even count as an assumption. :) thank you very much for all your help.
Now THAT is funny, especially today in these times. :D
This thread is now closed. If you need it reopened, please send a PM to one of our Mods.
Include the link to the thread and detail why you need it reopened.
If this is not your thread please start a New Topic.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.