Author Topic: Behavior shield question internat.exe (Read 17310 times)

Zyndstoff (aka Steven Gail) · « **Reply #30 on:** April 07, 2011, 07:24:10 PM »

Quote from: cska133 on April 07, 2011, 07:20:51 PM

Infizierte Dateien:
c:\Windows\Temp\tmp0000000132065b11eac2d69b (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\tmp00000001391a16854da50208 (Trojan.Dropper) -> No action taken.

No action taken -> let MBAM send it to quarantine.

Asyn · « **Reply #31 on:** April 07, 2011, 07:25:33 PM »

Quote from: Zyndstoff on April 07, 2011, 07:24:10 PM

Quote from: cska133 on April 07, 2011, 07:20:51 PM

Infizierte Dateien:
c:\Windows\Temp\tmp0000000132065b11eac2d69b (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\tmp00000001391a16854da50208 (Trojan.Dropper) -> No action taken.

No action taken -> let MBAM send it to quarantine.

Yep, do this..!!!

Zyndstoff (aka Steven Gail) · « **Reply #32 on:** April 07, 2011, 07:29:03 PM »

Quote from: Asyn on April 07, 2011, 07:25:33 PM

Quote from: Zyndstoff on April 07, 2011, 07:24:10 PM
Quote from: cska133 on April 07, 2011, 07:20:51 PM

Infizierte Dateien:
c:\Windows\Temp\tmp0000000132065b11eac2d69b (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\tmp00000001391a16854da50208 (Trojan.Dropper) -> No action taken.

No action taken -> let MBAM send it to quarantine.

Yep, do this..!!!

phew... at last one correct advice in this thread. Getting better, it must be the coffee.

Asyn · « **Reply #33 on:** April 07, 2011, 07:32:29 PM »

Quote from: Zyndstoff on April 07, 2011, 07:29:03 PM

...it must be the coffee.

Must be some good stuff..!

YoKenny · « **Reply #34 on:** April 07, 2011, 07:34:56 PM »

Quote from: cska133 on April 07, 2011, 07:20:51 PM

Quote
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6302

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.04.2011 19:17:50
mbam-log-2011-04-07 (19-17-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165890
Laufzeit: 2 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Temp\tmp0000000132065b11eac2d69b (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\tmp00000001391a16854da50208 (Trojan.Dropper) -> No action taken.

Another German user needing education about MBAM. :'(
Maybe doktornotor should take over problem resolution from essexboy

Maybe if he learned how update his PROFILE the helpers could offer more pertinent advice.

cska133 · « **Reply #35 on:** April 07, 2011, 07:37:46 PM »

Quote from: Zyndstoff on April 07, 2011, 07:24:10 PM

Quote from: cska133 on April 07, 2011, 07:20:51 PM

Infizierte Dateien:
c:\Windows\Temp\tmp0000000132065b11eac2d69b (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\tmp00000001391a16854da50208 (Trojan.Dropper) -> No action taken.

No action taken -> let MBAM send it to quarantine.

and this is all?
actually how to send to quarantine? There is only remove in MBAM?

Zyndstoff (aka Steven Gail) · « **Reply #36 on:** April 07, 2011, 07:38:31 PM »

Quote from: YoKenny on April 07, 2011, 07:34:56 PM

Another German user needing education about MBAM. :'(
Maybe doktornotor should take over problem resolution from essexboy

I just love your incrompehensible remarks, YoKenny.

YoKenny · « **Reply #37 on:** April 07, 2011, 07:45:36 PM »

Quote from: Zyndstoff on April 07, 2011, 07:38:31 PM

Quote from: YoKenny on April 07, 2011, 07:34:56 PM
Another German user needing education about MBAM. :'(
Maybe doktornotor should take over problem resolution from essexboy

I just love your incrompehensible remarks, YoKenny.

Not enough coffee! :'(

Zyndstoff (aka Steven Gail) · « **Reply #38 on:** April 07, 2011, 07:48:17 PM »

Quote from: cska133 on April 07, 2011, 07:37:46 PM

and this is all?
actually how to send to quarantine? There is only remove in MBAM?

That's it, yes. Remove. It will send it to quarantine.

After that, set your behaviour shield to "Ask" and reboot and let's see, if it pops up again.

cska133 · « **Reply #39 on:** April 07, 2011, 07:50:29 PM »

the popup from the beginning is still open, I didnt make any decision. So which action to choose: just deny or terminate/move to chest?

Zyndstoff (aka Steven Gail) · « **Reply #40 on:** April 07, 2011, 07:53:12 PM »

Quote from: cska133 on April 07, 2011, 07:50:29 PM

the popup from the beginning is still open, I didnt make any decision. So which action to choose: just deny or terminate/move to chest?

Don't move to chest!

Just deny / block, if the option is given.

You can have the C:\Windows\System32\ubpm.dll analyzed at virustotal.com, just to be sure.

Zyndstoff (aka Steven Gail) · « **Reply #41 on:** April 07, 2011, 09:43:34 PM »

Hmmm... no more response.
Is it a bad sign?

Asyn · « **Reply #42 on:** April 07, 2011, 09:46:33 PM »

Quote from: Zyndstoff on April 07, 2011, 09:43:34 PM

Hmmm... no more response.
Is it a bad sign?

Let's see.

Hätten wir vielleicht doch, aber naja....

cska133 · « **Reply #43 on:** April 07, 2011, 10:12:06 PM »

geblockt, with MBAM removed, PC reboot... no popups so far.
lets see

Asyn · « **Reply #44 on:** April 07, 2011, 10:15:20 PM »

Quote from: cska133 on April 07, 2011, 10:12:06 PM

geblockt, with MBAM removed, PC reboot... no popups so far.
lets see

Ok, report back in a few days.

Author Topic: Behavior shield question internat.exe (Read 17310 times)

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

Asyn

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

Asyn

Re: Behavior shield question internat.exe

YoKenny

Re: Behavior shield question internat.exe

cska133

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

YoKenny

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

cska133

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

Zyndstoff (aka Steven Gail)

Re: Behavior shield question internat.exe

Asyn

Re: Behavior shield question internat.exe

cska133

Re: Behavior shield question internat.exe

Asyn

Re: Behavior shield question internat.exe