Author Topic: MBAM false positives?  (Read 26123 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #30 on: April 23, 2010, 11:42:45 PM »
> you must unhide it first. (folder option show hidden files and folder)
No offense, but this is obvious. I've done it.
The best things in life are free.

bong2x

  • Guest
Re: MBAM false positives? No. avast misdetection again.
« Reply #31 on: April 24, 2010, 12:02:16 AM »
If the file is physically not there, then it ends up as chasing a ghost.

Tech, how many times did you format your hard drive?

It cannot be a bad sector of the hard drive nor a virtual generator.

I can manually guide you to remove a virus, but if it's not there, it's a big problem; how can we remove nothing?

OK, tech, I think there is nothing to remove there,

Edit: no wonder it cannot be found :D this thing merged with this - C:\WINDOWS\system32\svchost.exe

If you try to remove it, you are trying to shut down everything.

This thing, I think, is subject for investigation, something like x86 update  ??? ::) :D

Best Regards!!!



« Last Edit: April 24, 2010, 12:47:39 AM by bong2x »

Offline Lisandro

Re: MBAM false positives? No. avast misdetection again.
« Reply #32 on: April 24, 2010, 03:29:25 AM »
> tech, how many times did you format your hard drive?
I did it 15 days ago  :-[

> it cannot be a bad sector of hard drive nor virtual generator.
No, all my disk is completely clean, no physical damage, bad sectors, etc.
I run chkdsk when necessary.
The best things in life are free.

Offline Lisandro

Re: MBAM false positives? No. avast misdetection again.
« Reply #33 on: April 24, 2010, 01:59:37 PM »
Essexboy, how could I fully uninstall Combofix? Seems that a lot of files and folders are installed...
The best things in life are free.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM false positives?
« Reply #34 on: April 24, 2010, 02:31:56 PM »
No indications of any malware there at all Tech.  CF removal follows  ;D

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Offline Lisandro

Re: MBAM false positives?
« Reply #35 on: April 24, 2010, 02:46:20 PM »
Hmmm...
C:\ComboFix was created after I manually deleted it...
I received a message that Combofix was fully uninstalled, though.

The best things in life are free.

Offline essexboy

Re: MBAM false positives?
« Reply #36 on: April 24, 2010, 02:55:20 PM »
Just delete that folder - any other entries in your system should be gone

Offline Lisandro

Re: MBAM false positives?
« Reply #37 on: April 24, 2010, 03:05:18 PM »
Thanks. Done.
Now the only mystery is MBAM...
The best things in life are free.

Offline essexboy

Re: MBAM false positives?
« Reply #38 on: April 24, 2010, 04:16:24 PM »
The thing is how do we give MBAM a copy of a file that does not exist?

Offline Lisandro

Re: MBAM false positives?
« Reply #39 on: April 24, 2010, 05:49:16 PM »
I've sent an email to them. Hope they could take a look into this thread.
The best things in life are free.

Offline Lisandro

Re: MBAM false positives?
« Reply #40 on: April 24, 2010, 10:51:35 PM »
> I've sent an email to them. Hope they could take a look into this thread.
They already do it. I'd like the quick response of their support.
Hope we can find what's going on.
By the way, the latest 4032 database of MBAM also detects them as infected, i.e., the problem persists.
The best things in life are free.

Offline essexboy

Re: MBAM false positives?
« Reply #41 on: April 25, 2010, 12:03:58 AM »
OK let me have a thunk on this, and see if I can rake up a tool that looks in different areas

Offline Lisandro

Re: MBAM false positives?
« Reply #42 on: April 25, 2010, 12:22:21 AM »
> OK let me have a thunk on this, and see if I can rake up a tool that looks in different areas
Elaborate please... what should I do? Wait?
The best things in life are free.

Offline essexboy

Re: MBAM false positives?
« Reply #43 on: April 25, 2010, 01:38:43 PM »
Wait no more - I have a tool that will strip permissions from any file and then delete it, so if it is there it will go.  This will kill your desktop when it runs as all processes will be stopped, they will come back on reboot. 

 Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Processes
explorer.exe

:Files
C:\Windows\system32\sshnas21.dll
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

:Commands
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Offline Lisandro

Re: MBAM false positives?
« Reply #44 on: April 25, 2010, 11:04:30 PM »
Log:

========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\Windows\system32\sshnas21.dll not found.
File/Folder C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
========== COMMANDS ==========
 
OTM by OldTimer - Version 3.1.11.0 log created on 04252010_171440
The best things in life are free.
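
Added example (not part of any post in this thread, and not code from MBAM, ComboFix or OTM): a PowerShell check that the two paths from the OTM script above exist or not on disk, independent of Explorer's hidden-file setting and of 32-bit/64-bit System32 redirection. The function names Get-PathViews and Test-ReportedPath are hypothetical, and the thread does not say whether the machine is 32-bit or 64-bit, so the script simply tests every view.

```powershell
# Added example: check whether scanner-reported paths exist on disk,
# regardless of Explorer's hidden-file setting or WOW64 redirection.
# The two paths are the ones listed in the OTM script in this thread.
$reported = @(
    'C:\Windows\system32\sshnas21.dll',
    'C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job'
)

# Hypothetical helper: list every file-system view under which a path
# should be tested.
function Get-PathViews {
    param([string]$Path)
    $views = @($Path)
    $sys32 = Join-Path $env:windir 'System32'
    if ($Path -like "$sys32\*") {
        $rest = $Path.Substring($sys32.Length)
        # A 32-bit process on 64-bit Windows is redirected from System32
        # to SysWOW64; Sysnative (visible only to 32-bit processes)
        # reaches the real System32. Testing all three covers both cases.
        $views += (Join-Path $env:windir 'SysWOW64') + $rest
        $views += (Join-Path $env:windir 'Sysnative') + $rest
    }
    $views
}

# Hypothetical helper: report existence and attributes for each view.
function Test-ReportedPath {
    param([string]$Path)
    foreach ($view in Get-PathViews $Path) {
        # -Force includes hidden and system items; -LiteralPath turns off
        # wildcard parsing of the path.
        $item = Get-Item -LiteralPath $view -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path       = $view
            Exists     = [bool]$item
            Attributes = $(if ($item) { $item.Attributes })
            Modified   = $(if ($item) { $item.LastWriteTime })
        }
    }
}

$reported | ForEach-Object { Test-ReportedPath $_ } | Format-Table -AutoSize
```

A path that exists only in the SysWOW64 row is one that a 32-bit scanner would report as being in System32.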