Warning while running DDS.com

[Skipperme]

I'm running XP Pro on the Windows Bootcamp partition of my iMac. Having virus trouble, that's why I'm here..

Following your instructions, I'm running DDS.com, after doing the ERUNT reg backup, and I have CA Internet Security Suite running, configured to fire alerts when "attempts to access monitored items are detected", which I believe is the case here.
I get this alert
"1 Program has been blocked"
C:\Documents and Settings\MyName\Local Settings\Temp\2f.tmp\MBR.D AT

Wants access to:

HKLM\System\CurrentControlSet\Services\mbr.


Is this DDS asking for something, or bad guys?

http://forums.spybot.info/showthread...221#post404221

[shelf life]

hi Skipperme,

Try disabling CA Internet Security Suite first and any other "anti this or that" you may have running then run DDS. After you get a DDS log, reboot machine to start your CA Suite back up.

[Skipperme]

Hi, I just recently posted in the Waiting Room because of the 4 day wait and gave the sequence of actions I went through after I posted about the Filter warning you are responding to. I did disable the CA stuff, then tried 3 more times through the ERUNT/DDS sequence. Didn't get anymore warnings, but each time DDS died before it completed, completely killing the machine. No mouse or keyboard response, had to hard reboot. So I haven't gotten a DDS dump yet and await word on much more frigged up things are when DDS won't even run...

I don't want to get too confused with posts all over the place, so let me know what to expect next. As I said, the latest info (basically what I said here) is also in a post in the Waiting Room.

Thanks.

----------------------------
Edit

Please post to shelf life in this topic.

[shelf life]

Ive never had DDS not be able to produce a log but that dosnt mean its malware related. Do you have Malwarebytes installed? if not:

Please download the free version of Malwarebytes to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

You could also try running DDS in safe mode. After a reboot and before Windows starts, tap the f8 key and from the list chose the first option: safe mode, log into your usual account, once at the safe mode desktop try running DDS.
Is CA telling you you have a virus or are you experiencing any signs of malware?

[Skipperme]

Did a scan with CA first, got nothing.

While downloading or installing MWB (don't remember which...)
Got a CA notification badge popup intrusion warning for "daily drivers update" wanting access. I checked the CA logs and they had trapped some, but not all of some hits from update-drivers.in(80,87,199,48) and some from ebay.com (66.135.200.181) ??
Earlier in the list were about 5 malwarebytes accesses that were all blocked..
dunno what that is, but if it helps..

so,

installed Malwarebytes
When I ran it, I immediately got an error message dlg with the error
PROGRAM_ERROR_UPDATING(122,0,MultiByteToWideChar) data buffer too small for system call " paraphrased..
The update dialog had already shown, and this popped up in front.
clicked okay, the update dialog failed, another malware dlg popped saying things were out of date by 140 days, update?, to which I said yes and got the same error dialog box.
Dismissed that one and the MWB UI came up.
Ran the scan, got 2 infections.

Here's the log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/19/2011 4:18:46 PM
mbam-log-2011-05-19 (16-18-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 245806
Time elapsed: 54 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{9d7957d3-95e5-42ab-b935-ca291739717a}\RP9\A0004710.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Don\local settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Didn't run DDS yet.
Let me know..
Thanks.

[shelf life]

If malwarebytes is out of date by 140 days it wont do you a whole lot of good.Sometimes malware can cause these type of problems. Can you successfully update your CA suite and any other software you have installed? Can you get to certain websites ok, try going to Windows Update or Avast, AVG etc.

There is a current data base you can manually download and install to MBAM here

Those other messages must be from your CA suite's firewall. You would have to give MBAM the ok to "go out" and get the updates if that whats the prompts are about.

The MBAM log is really of little help being so outdated. See if you can post a traditional HJT log so we have something to go on;
Version 2.0.4 is here