Avast WEBforum

Other => General Topics => Topic started by: krypton on August 26, 2010, 07:06:22 AM

Title: registry problem
Post by: krypton on August 26, 2010, 07:06:22 AM
hello

I bought a new laptop with Windows XP. I scanned for viruses and did not get any virus in the scan. I scanned with MBAM and got 3 infected files.

What do I do? See this MBAM file. Thanks
Title: Re: registry problem
Post by: Pondus on August 26, 2010, 07:27:46 AM
It is only a registry trace. Update MBAM, scan again and click the Remove Selected button to quarantine.
Title: Re: registry problem
Post by: krypton on August 26, 2010, 07:36:37 AM
I tried to remove it but it goes into quarantine. Then I thought that if I remove any file from the registry, maybe my PC will give an error sometime in the future, so I restored them all again.

Can you tell me: if I delete those infected registry files, is this OK?
Title: Re: registry problem
Post by: mikaelrask on August 26, 2010, 08:01:47 AM
It will be okay to let Malwarebytes remove them, because it first makes a backup of the file in its quarantine and then removes it. If it should turn out to be a false threat, you can easily restore the file from the quarantine option in Malwarebytes Anti-Malware.
Title: Re: registry problem
Post by: SafeSurf on August 26, 2010, 09:25:59 AM
krypton,

The MBAM scan you just did was only a Quick Scan.  Ironically, it looks very similar to the one you had on 8/22/2010, which was a full scan and had the same problems but also identified a Trojan as well in this previous thread: http://forum.avast.com/index.php?topic=63076.15.  Is this a new machine or the same machine?  If you bought a new machine, why did it only come with XP SP2 instead of XP SP3?

I also suggest you update MBAM and run a FULL scan.  Thank you.
Title: Re: registry problem
Post by: krypton on August 26, 2010, 12:02:16 PM
Quote from: SafeSurf on August 26, 2010, 09:25:59 AM
> krypton,
>
> The MBAM scan you just did was only a Quick Scan.  Ironically, it looks very similar to the one you had on 8/22/2010, which was a full scan and had the same problems but also identified a Trojan as well in this previous thread: http://forum.avast.com/index.php?topic=63076.15.  Is this a new machine or the same machine?  If you bought a new machine, why did it only come with XP SP2 instead of XP SP3?
>
> I also suggest you update MBAM and run a FULL scan.  Thank you.

hey there

Yes, I bought a new laptop. I also have a desktop, as I said in my last topic.

I updated MBAM today and then scanned. Then also the infected registry was shown. I did a full scan. See the file please. What do I do? Can I move them to quarantine and then delete those files from quarantine? Are those infected files important, or can it cause a problem in future if I delete them from quarantine?
Title: Re: registry problem
Post by: Pondus on August 26, 2010, 12:18:36 PM
You move them to quarantine and let them stay there for 30 days; if the machine works okay then you can delete from quarantine.
That is why you should never delete, always move to quarantine first.

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
Title: Re: registry problem
Post by: krypton on August 26, 2010, 12:30:14 PM
If I move them into quarantine, does it then still perform its work or does it become useless?


If MBAM shows a false positive and I move an important file which my PC needs to work, then how will my PC work if I move those files to quarantine?
Title: Re: registry problem
Post by: superhacker on August 26, 2010, 02:27:47 PM
Pondus, SafeSurf, mikaelrask, and krypton:
Maybe none of you read the log "sorry to say that". The infected items are just bad policies to disable Security Center, and MBAM will not remove anything; it will set new clean values (0=>1, 1=>0) ;)
Title: Re: registry problem
Post by: DavidR on August 26, 2010, 04:46:16 PM
@ krypton
These all relate to the Windows Security Center (WSC). Have you made any changes in there relating to not notifying you about Windows Updates, Firewall and Antivirus not being enabled/running, etc.?

These settings should by default be set to notify you if any of them are not running/enabled.

If they are set 'not to notify you', as these are, it could be a pre-emptive measure for malware to try and disable your security so that the WSC doesn't warn you they aren't running/enabled.

As has been said, in this case they aren't deleted or moved to quarantine, but the values are set to their default setting so you are warned if any of the three are not running/enabled.
Title: Re: registry problem
Post by: superhacker on August 26, 2010, 05:22:00 PM
Quote from: DavidR on August 26, 2010, 04:46:16 PM
> @ krypton
> These all relate to the Windows Security Center (WSC). Have you made any changes in there relating to not notifying you about Windows Updates, Firewall and Antivirus not being enabled/running, etc.?
>
> These settings should by default be set to notify you if any of them are not running/enabled.
>
> If they are set 'not to notify you', as these are, it could be a pre-emptive measure for malware to try and disable your security so that the WSC doesn't warn you they aren't running/enabled.
>
> As has been said, in this case they aren't deleted or moved to quarantine, but the values are set to their default setting so you are warned if any of the three are not running/enabled.

Sorry DavidR to say that, but after re-installing Windows XP, MBAM always detects those "infected" values, so krypton, don't do anything; that is MBAM and the default system setting. "BUT even before MBAM detects those, Security Center is fully working, maybe something is wrong ::) ???"
Title: Re: registry problem
Post by: essexboy on August 26, 2010, 05:27:03 PM
Some firewalls and AVs set those keys automatically - notably Norton - Did your re-install have a trial version AV on it?
Title: Re: registry problem
Post by: superhacker on August 26, 2010, 05:32:34 PM
Hi essexboy, even a fresh copy of Win XP will lead MBAM to detect those registry values, and note that Security Center is fully working ???, "I tested it myself"
Title: Re: registry problem
Post by: krypton on August 26, 2010, 05:51:43 PM
Quote from: DavidR on August 26, 2010, 04:46:16 PM
> @ krypton
> These all relate to the Windows Security Center (WSC). Have you made any changes in there relating to not notifying you about Windows Updates, Firewall and Antivirus not being enabled/running, etc.?
>
> These settings should by default be set to notify you if any of them are not running/enabled.
>
> If they are set 'not to notify you', as these are, it could be a pre-emptive measure for malware to try and disable your security so that the WSC doesn't warn you they aren't running/enabled.
>
> As has been said, in this case they aren't deleted or moved to quarantine, but the values are set to their default setting so you are warned if any of the three are not running/enabled.


I got a message to turn on automatic updates for my Windows.

My firewall is already on.

My antivirus is also updated.
Title: Re: registry problem
Post by: DavidR on August 26, 2010, 06:25:30 PM
Quote from: superhacker on August 26, 2010, 05:22:00 PM
> <snip>
> Sorry DavidR to say that, but after re-installing Windows XP, MBAM always detects those "infected" values, so krypton, don't do anything; that is MBAM and the default system setting. "BUT even before MBAM detects those, Security Center is fully working, maybe something is wrong ::) ???"

Well I don't know how that can be as the default setting is for WSC to 'notify' rather than disable the notifications.

I don't reinstall my system on a regular basis, and it is around 18 months or so since I got this system with winXP Pro SP3 installed and no changes to the defaults and at that time I will have also installed avast, SAS Pro and MBAM free, yet I never had any alerts from any of them on what was a clean install of XP Pro.

So since then something has changed in MBAM (as I don't think it has in XP) that is mis-identifying this, but even so I can't recall ever having MBAM flag these on this system.
Title: Re: registry problem
Post by: superhacker on August 26, 2010, 06:59:13 PM
That is what makes me crazy: Security Center is fully working and MBAM says it is disabled. ???
Title: Re: registry problem
Post by: DavidR on August 26, 2010, 07:04:32 PM
Well I have just run a Full MBAM scan and nothing, mind you my database is from last Saturday, as I only update it on a weekly basis (as it downloads the whole database again) before I do my weekly scan.

So it may be possible that this is as a result of a bad signature update, since last Saturday. It might be worth visiting the reporting FPs forum at MBAM forums and see if there is any activity on this.
Title: Re: registry problem
Post by: krypton on August 26, 2010, 09:16:54 PM
I think MBAM is not correct software. Is there any other software which does the work MBAM does?


MBAM shows an infected file every time, even when there is nothing infected.

What is the difference between MBAM and AV? What is their work?
Title: Re: registry problem
Post by: Pondus on August 26, 2010, 09:36:15 PM
Quote
I think MBAM is not correct software. Is there any other software which does the work MBAM does?
Yes, but not as good; an alternative is www.superantispyware.com

Quote
MBAM shows an infected file every time, even when there is nothing infected.
If you don't let MBAM move the files to quarantine then it will show up again on every scan.....


Quote
What is the difference between MBAM and AV? What is their work?
MBAM is a specialized tool, very good at the specific malware it targets and very good at removal..
Title: Re: registry problem
Post by: DavidR on August 26, 2010, 09:47:50 PM
<snip>
Quote
MBAM shows an infected file every time, even when there is nothing infected.
If you don't let MBAM move the files to quarantine then it will show up again on every scan.....
<snip>

It won't if you choose the Ignore option, see image.
Title: Re: registry problem
Post by: superhacker on August 26, 2010, 10:22:48 PM
Quote from: Pondus on August 26, 2010, 09:36:15 PM
> Quote
> I think MBAM is not correct software. Is there any other software which does the work MBAM does?
> Yes, but not as good; an alternative is www.superantispyware.com
>
> Quote
> MBAM shows an infected file every time, even when there is nothing infected.
> If you don't let MBAM move the files to quarantine then it will show up again on every scan.....
>
> Quote
> What is the difference between MBAM and AV? What is their work?
> MBAM is a specialized tool, very good at the specific malware it targets and very good at removal..

1. It is correct and good, but all make mistakes
2. Answer one
3. Yes, avast AV "for example" detects real viruses "like sality, virut, ....."; MBAM does not
Title: Re: registry problem
Post by: SafeSurf on August 27, 2010, 12:44:42 AM
Quote from: superhacker on August 26, 2010, 02:27:47 PM
> Pondus, SafeSurf, mikaelrask, and krypton:
> Maybe none of you read the log "sorry to say that". The infected items are just bad policies to disable Security Center, and MBAM will not remove anything; it will set new clean values (0=>1, 1=>0) ;)

I looked at the logs and that is why I responded and posted the OP's previous thread http://forum.avast.com/index.php?topic=63076.0 because of using a suspected cracked version of Windows.

The OP states his MS Updates are turned on, yet he/she is still on XP SP2 instead of SP3 and according to the MBAM logs, which I reviewed, the Security Center (SC)  is disabled.  In the OP's previous thread, he/she stated that he/she turned the (SC) off due to a problem with the XP FW.

@ krypton,

1. Is this a registered copy of Windows for this new machine?
2. If you go to Start > Control Panel > Windows Security Center > you will see:
- A. Firewall
- B. Automatic Updates
- C. Virus Protection
...with a green or yellow or red light next to it.  What color light is next to each one (A - C above)?