Malwarebytes' Issue

I ran Malwarebytes' 1.50 on a client's computer after she called saying that she had a virus. Her Internet Explorer was telling her that she had x amount of trojans and various other viruses--which was the virus giving false information--so I updated and ran Malwarebytes' in safe mode, but it didn't find anything. It's very concerning that it would miss a virus that is so obvious.

Has anyone tested 1.50 for issues in detection? Which type of virus is this?

 

You do not need to worry. That was probably fake scan (I am sure). Those scans run in IE/other browser and scare end user that he/she has xxx trojan/virus/spyware/adware, while actual system is clean. Clear IE history and use some cleaner e.g., CCleaner to clean history/cache/cookies/local storage.
BTW, does she run any antivirus? If yes, update that antivirus and run complete scan to further ensure clean system. If no, then install some decent antivirus and do complete scan after full update.

 

Everyone in the building runs McAfee.

 

Use an AV with a better detection rate. Avast Free, ESET NOD32 trial, KAV trial, etc.

 

Follow Boyfirend's advice - it's right on the money. In my family, someone stumbles on those websites once a month or so, where it runs a fake scan and then tells you that you have a ridiculous # of problems on your computer.

The family has been trained to ignore them and not click on the link to their bogus product. If you follow their link, you WILL have a problem - they will install some sort of malware on your computer.

To be safe, run a full scan after CCleaner, just as Boyfriend suggested - that's exactly what I would do.

 

Okay, so should this happen again, will it allow the person to close the browser?

 

Typically, I have been unable to close browser normally, the webpage keeps asking over and over if you really want to close webpage. However, you can close out by going to task manager and closing the program.

 

Oh yeah. I forget about the simple solutions when faced with confusing problems.

 

I would first try to close it using the ALT + F4 keys so as not to execute any code that may be linked to the buttons, and then Task Manager if that fails.

 

Thanks for the tip about the ALT + F4 keys. I had never heard of that before.

 

If possible, it's usually better to run MBAM in full Windows mode.

To quote the MBAM developers...

 

That's something else that I didn't know, however, how does one know when a regular mode MBAM scan has failed?

 

The one time I ran into a situation like that was that the malware would not allow MBAM to even install. And when I installed in Safe Mode, it would not allow it to run in normal mode. I had a flash of the splash screen and then nothing...

 

So what did you do?

 

In those situations when an exe killing rogue is around a rename of mbam's installer and then mbam.exe to firefox, iexplore, explorer, svchost..... or changing the extension to .com, .bat, .scr, .pif may get a scan up and running.

Below are pics for a fake scan site which auto downloads a:
systemupdate107_2247.exe - 17/41 - MD5 : 94ff4b798e796ddf78aa36232af3b916

Even if the exe is downloaded it still has to be executed to install so if you shutdown your browser and delete the exe you shouldn't get infected.

Some fake scan sites lock up your browser to their page and in that case you could bring up Taskmanager and kill your browser's process.







Renamed MBAM exes:

 

It was the worst (but most fun?) cleanup I have ever done. Renaming MBAM to some other name didn't work either. Nor was an AV scan allowed, no SuperAntiSpyware or anything. I could not run Task Manager or Process Explorer (it killed them too!) I finally was able to run a more obscure (but very well designed) app called System Explorer. It allowed me to identify 2 suspicious dll's that could not be deleted. I finally resorted to a Linux boot disc and deleted the dll's from there. Once they were gone, I could run my cleanup tools.

 

Jeez! I hope that doesn't happen to me.

 

Alt F4 used to work well on the fake scan site but lately when I've run into it I had to resort to task manager.
As quick as task manager closes it you can see new ones popping up then the message "ie not responding" before
task manager finally shuts it all down. I've had several friends fall victim to that site.

 

You can always try SUPERAntiSpyware Portable in those situations as well:
http://www.superantispyware.com/portable

It can often run when other products can't run because of infection.

 

^ That's interesting.

 

i have scaned this file earlier and you should defently change from Mcafee to avira, because avira would protect you much better...
here is the results of the file that you've been infected with and impossible to remove:

~ Jotti Results Removed per Policy ~

 

Uh oh. NOD32 found nothing? Interesting.