Author Topic: MBAM false positives?  (Read 26154 times)


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #15 on: April 23, 2010, 09:40:07 PM »
For sure MBAM is detecting it with the latest two virus databases.
The files are the same but they're completely hidden...
The best things in life are free.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM false positives? No. avast misdetection again.
« Reply #16 on: April 23, 2010, 09:43:24 PM »
No, it is just that it is quicker if no other programmes are running; the scan will generate about 300 lines of code.  Obviously, if you have just updated a service pack or something similar, there will be a lot more files within the 30 day time frame.  Takes about 10 minutes on mine whilst I am surfing and playing music  ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #17 on: April 23, 2010, 09:55:00 PM »
I'm posting both logs. I only changed my user logon name to Tech.
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #18 on: April 23, 2010, 09:55:27 PM »
The second log...
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #19 on: April 23, 2010, 09:58:57 PM »
I'll boot the computer... see you soon.
Thanks for the help.
The best things in life are free.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM false positives? No. avast misdetection again.
« Reply #20 on: April 23, 2010, 10:11:13 PM »
You can remove the log attachments now, Tech; there are no tasks on your system.  Not even hidden ones, as OTL would show them as locked even if they could not be identified.
%systemroot%\Tasks\*.job /lockedfiles


It may well be an MBAM false positive.  I am not sure how they are reported, as they usually need the file to play with.

To remove OTL, run the programme and hit the cleanup button and it will disappear  ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #21 on: April 23, 2010, 10:33:01 PM »
Wow! My computer is clean then!
Thanks for the help. Although a mystery...
The best things in life are free.

bong2x

  • Guest
Re: MBAM false positives? No. avast misdetection again.
« Reply #22 on: April 23, 2010, 10:36:18 PM »
Hello Tech,

I know I'm not qualified to post here, but I would also like to share some of my experience with this.
This dynamic link library (DLL) virus is difficult to see.
It is some kind of murfer process; it is run only by the service host.

This one doesn't have a registry; that's why resident protection cannot detect it.

If you are willing to try my idea, it is only simple, but maybe it will help.

Regards!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #23 on: April 23, 2010, 10:37:20 PM »
Ok, bong2x, but if it is so, how to remove it?
The best things in life are free.

bong2x

  • Guest
Re: MBAM false positives? No. avast misdetection again.
« Reply #24 on: April 23, 2010, 10:48:11 PM »
We will try.
First, unhide your system folder.

Then, using the search option, search for the file sshnas21.dll,

and open the command prompt; at the end of the string type tasklist /svc

This reveals all the service hosts.

Let's check for irrelevant services running there.
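
An added example, not part of any post in this thread: a PowerShell script that lists the services `tasklist /svc` shows under svchost.exe together with the DLL each one registers, whether that DLL exists on disk, and its signature status. The `Review` and `NameMatch` columns are assumptions of this example (not an OTL or MBAM feature), and the script is best run from an elevated prompt.

```powershell
# Added example (not from the thread): svchost-hosted services and the DLL each one loads.
param(
    # DLL file name to look for; sshnas21.dll is the file named in the thread.
    [string]$SuspectDll = 'sshnas21.dll'
)

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$report = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        # ServiceDll normally sits under <service>\Parameters; a few services keep it on the service key.
        $dll = $null
        foreach ($key in "$svcRoot\$($_.Name)\Parameters", "$svcRoot\$($_.Name)") {
            $prop = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
            if ($prop) { $dll = $prop.ServiceDll; break }
        }

        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }

        [pscustomobject]@{
            Service    = $_.Name
            State      = $_.State
            ProcessId  = $_.ProcessId
            ServiceDll = $dll
            OnDisk     = $exists
            Signature  = $sig
            # Worth a manual look: registered but missing, outside System32, or not validly signed.
            Review     = (-not $exists) -or
                         ($dll -notlike "$env:SystemRoot\System32\*") -or
                         ($sig -ne 'Valid')
            # True when the registered DLL's file name equals the name being hunted.
            NameMatch  = [bool]($dll -and ((Split-Path -Path $dll -Leaf) -ieq $SuspectDll))
        }
    }

# Rows needing review first; NameMatch = True means the suspect DLL is registered as a service.
$report | Sort-Object -Property Review -Descending | Format-Table -AutoSize
```

A `Review` flag is a prompt for manual inspection, not a verdict: legitimate third-party services commonly register DLLs outside System32.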

 

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #25 on: April 23, 2010, 11:00:51 PM »
Look... the file isn't there... There is no reason to search...
The best things in life are free.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM false positives? No. avast misdetection again.
« Reply #26 on: April 23, 2010, 11:08:43 PM »
No netsvc indications on OTL either

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM false positives? No. avast misdetection again.
« Reply #27 on: April 23, 2010, 11:13:13 PM »
Essexboy, why is MBAM detecting it?
Is there any other scan I could do to check if my computer is clean?
No abnormal activity in the computer as far as I can see...
The best things in life are free.

bong2x

  • Guest
Re: MBAM false positives? No. avast misdetection again.
« Reply #28 on: April 23, 2010, 11:18:31 PM »
Tech, if the file is hidden it cannot be seen physically, even in the search option;

you must unhide it first (Folder Options, show hidden files and folders).

Sorry, I am not good at expressing myself in words.

OK, how about the service host: is there anything you found running that is not related to any of your applications?

Regards!!


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM false positives? No. avast misdetection again.
« Reply #29 on: April 23, 2010, 11:36:38 PM »
For pure peace of mind we can run Combofix - I see nothing on your system that would cause problems, so I am happy for you to run it

 Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.