Trojan.FakeAlert issue

[social9]

Hi Blade-

The latest MBAM report came back clean. This has happened for a day or 2 before then it reappears so I'm not quite ready to celebrate but at least for now everything looks good. I'll report back again on Sunday with an update.

Malwarebytes' Anti-Malware 1.28
Database version: 1202
Windows 5.1.2600 Service Pack 3

10/10/2008 11:24:04 AM
mbam-log-2008-10-10 (11-24-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 205124
Time elapsed: 1 hour(s), 27 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Blade81]

Ok. Shall wait for your reply.

[social9]

Hi Blake-

I ran MBMW 3 times today and each time it came back clean. Here's the last results.

Malwarebytes' Anti-Malware 1.28
Database version: 1202
Windows 5.1.2600 Service Pack 3

10/13/2008 12:12:25 AM
mbam-log-2008-10-13 (00-12-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204588
Time elapsed: 2 hour(s), 49 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Blade81]

Good I guess you can now follow steps in post #16

[social9]

Hi Blade-

I reset the restore point and uninstalled Combofix per your instructions. I've run both Kaspersky and MBMW today and both came up clean. I'll continue to check both the next few days but it looks good. Thanks for all your help!

[Blade81]

Ok. Shall wait for your input after a few days

[social9]

Hi Blade-

I've run 4 scans now and each has been clean. I think it's safe to say my system is now free of the Trojan. Thanks again for all your help.

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.

[Blade81]

Re-opened upon user's request.

[social9]

Hi Blade-

Looks like I was premature in declaring victory. Here are the last two MBMW logs:

Malwarebytes' Anti-Malware 1.28
Database version: 1202
Windows 5.1.2600 Service Pack 3

10/15/2008 04:15:34 PM
mbam-log-2008-10-15 (16-15-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204906
Time elapsed: 1 hour(s), 38 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Mr.Sleepy\Application Data\RBMD5550.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mr.Sleepy\Application Data\RBMD5550.dll (Trojan.Agent) -> Delete on reboot.


Malwarebytes' Anti-Malware 1.28
Database version: 1202
Windows 5.1.2600 Service Pack 3

10/16/2008 12:57:17 AM
mbam-log-2008-10-16 (00-57-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204449
Time elapsed: 1 hour(s), 19 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{ECBFC3E0-78C0-4CF2-8860-DA3708336C9F}\RP3\A0000189.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.