Malwarebytes' Issue

Discussion in 'malware problems & news' started by TONPumper, Dec 7, 2010.

Thread Status:
Not open for further replies.
  1. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    I ran Malwarebytes' 1.50 on a client's computer after she called saying that she had a virus. Her Internet Explorer was telling her that she had x amount of trojans and various other viruses--which was the virus giving false information--so I updated and ran Malwarebytes' in safe mode, but it didn't find anything. It's very concerning that it would miss a virus that is so obvious.

    Has anyone tested 1.50 for issues in detection? Which type of virus is this?
     
  2. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    You do not need to worry. That was probably a fake scan (I am sure). Those scans run in IE/other browser and scare the end user that he/she has xxx trojan/virus/spyware/adware, while the actual system is clean. Clear IE history and use some cleaner, e.g., CCleaner, to clean history/cache/cookies/local storage.
    BTW, does she run any antivirus? If yes, update that antivirus and run a complete scan to further ensure a clean system. If no, then install some decent antivirus and do a complete scan after a full update.
     
  3. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    Everyone in the building runs McAfee.
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Use an AV with a better detection rate. Avast Free, ESET NOD32 trial, KAV trial, etc.
     
  5. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    Follow Boyfriend's advice - it's right on the money. In my family, someone stumbles on those websites once a month or so, where it runs a fake scan and then tells you that you have a ridiculous # of problems on your computer.

    The family has been trained :D to ignore them and not click on the link to their bogus product. If you follow their link, you WILL have a problem - they will install some sort of malware on your computer.

    To be safe, run a full scan after CCleaner, just as Boyfriend suggested - that's exactly what I would do.
     
  6. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    Okay, so should this happen again, will it allow the person to close the browser?
     
  7. LenC

    LenC Registered Member

    Joined:
    Jul 25, 2006
    Posts:
    846
    Location:
    CT, USA
    Typically, I have been unable to close the browser normally; the webpage keeps asking over and over if you really want to close the webpage. However, you can close out by going to Task Manager and closing the program.
     
  8. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    Oh yeah. I forget about the simple solutions when faced with confusing problems.
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    I would first try to close it using the ALT + F4 keys so as not to execute any code that may be linked to the buttons, and then Task Manager if that fails. ;)
     
  10. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Thanks for the tip about the ALT + F4 keys. I had never heard of that before. :)
     
  11. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    If possible, it's usually better to run MBAM in full Windows mode.

    To quote the MBAM developers...
     
  12. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    That's something else that I didn't know. However, how does one know when a regular mode MBAM scan has failed? o_O
     
  13. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    The one time I ran into a situation like that was that the malware would not allow MBAM to even install. And when I installed in Safe Mode, it would not allow it to run in normal mode. I had a flash of the splash screen and then nothing...
     
  14. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    So what did you do?
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    In those situations when an exe-killing rogue is around, renaming mbam's installer and then mbam.exe to firefox, iexplore, explorer, svchost..... or changing the extension to .com, .bat, .scr, .pif may get a scan up and running.

    Below are pics for a fake scan site which auto downloads a:
    systemupdate107_2247.exe - 17/41 - MD5 : 94ff4b798e796ddf78aa36232af3b916

    Even if the exe is downloaded, it still has to be executed to install, so if you shut down your browser and delete the exe you shouldn't get infected.

    Some fake scan sites lock up your browser to their page, and in that case you could bring up Task Manager and kill your browser's process.

    [Images: 1.JPG, Fake.JPG, Rogue.JPG]

    Renamed MBAM exes:
    [Image: MBAM.JPG]
     
  16. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    It was the worst (but most fun?) cleanup I have ever done. Renaming MBAM to some other name didn't work either. Nor was an AV scan allowed, no SuperAntiSpyware or anything. I could not run Task Manager or Process Explorer (it killed them too!) I finally was able to run a more obscure (but very well designed) app called System Explorer. It allowed me to identify 2 suspicious dll's that could not be deleted. I finally resorted to a Linux boot disc and deleted the dll's from there. Once they were gone, I could run my cleanup tools.
     
  17. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    Jeez! I hope that doesn't happen to me.
     
  18. DanL

    DanL Registered Member

    Joined:
    Nov 25, 2004
    Posts:
    159
    Alt F4 used to work well on the fake scan site, but lately when I've run into it I had to resort to Task Manager. As quick as Task Manager closes it, you can see new ones popping up, then the message "ie not responding" before Task Manager finally shuts it all down. I've had several friends fall victim to that site.
     
  19. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    You can always try SUPERAntiSpyware Portable in those situations as well:
    http://www.superantispyware.com/portable

    It can often run when other products can't run because of infection.
     
  20. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    ^ That's interesting.
     
  21. Raven_X

    Raven_X Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    36
    I have scanned this file earlier and you should definitely change from McAfee to Avira, because Avira would protect you much better...
    Here are the results of the file that you've been infected with and impossible to remove:

    ~ Jotti Results Removed per Policy ~
     
    Last edited by a moderator: Jan 7, 2011
  22. TONPumper

    TONPumper Registered Member

    Joined:
    Jul 20, 2010
    Posts:
    112
    Uh oh. NOD32 found nothing? Interesting.
     