SBS&D self-aborting



spy1
2009-03-09, 20:27
Can't get it to run since today's update. Sent bug report. Pete

Matt
2009-03-09, 20:32
Hi spy1,

Which update? Detection rules update or version update? Please be more specific.

spy1
2009-03-10, 05:26
I'm running SBS&D v.1.6.0.26. I tried updating it just now and there aren't any newer updates, so I've got whatever the latest is (I updated it before trying to run the scan prior to the problem I'm having).

The scan itself is what's aborting.

This is my MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1828
Windows 5.1.2600 Service Pack 3

3/9/2009 3:10:17 PM
mbam-log-2009-03-09 (15-10-13).txt

Scan type: Quick Scan
Objects scanned: 70923
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tbsb00982.tbsb00982toolbar (Adware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\IEToolbar (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar (Trojan.Agent) -> No action taken.

Files Infected:
C:\Program Files\IEToolbar\Ant.com Toolbar\ant.crc (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\AntPlugin.dll (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\arrow_refresh.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\basis.xml (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\bt_fd.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\cancel.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\chart_bar.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\chart_line.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\computer_error.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\delete.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\drive_disk.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\email.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\explore.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\help.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\icons.bmp (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\info.txt (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\logo.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\logo.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\magnifier.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\monitor.png (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\player.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\player.html (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\player.swf (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\s_fd.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\Thumbs.db (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_fd.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_shadow.gif (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\uninstall.exe (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\update.exe (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\version.txt (Trojan.Agent) -> No action taken.
C:\Program Files\IEToolbar\Ant.com Toolbar\wrench.png (Trojan.Agent) -> No action taken.


Has the latest iteration of the ant toolbar gone totally rogue? Pete

drragostea
2009-03-10, 05:33
No, because it said "No action taken" in the log. I don't think you told MBAM to remove the malware.

spy1
2009-03-10, 06:11
That's correct - I didn't tell it to remove the malware (I wanted to play with it for a while, but I had to leave for work - just got back a while ago).

Anyway, I had started off a TrojanHunter Scan before I left for work - when I got home, TH had found a bunch of stuff but it, too, had locked up (couldn't clean it up, IOW, program frozen), so I RE-ran a "Quick" scan with TH and had it clean the stuff as it found it while scanning (I've had to do that before).

Here's what TH found:

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (matches Adware.Softomate.131)
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (matches Adware.Softomate.131)
Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

THEN I was able to run SBS&D - "No Immediate Threats Found".

I guess what concerned me the most about this infection - whatever it was - is that it was so easily able to blow the SBS&D scan out of the water. TrojanHunter ran (albeit with problems), but was evidently able to cope with it - and MBAM was able to run and FIND the problem (although it was "frozen" and wouldn't fix it, either).

It's got to be the Ant toolbar causing this - I just updated it not that long ago since a newer version was out (and, yes, I got it from THEIR site).

Unless, of course, this whole thing was a string of FP's (which strains my credulity - I don't picture three separate programs calling a problem without there actually BEING one).

That's where I'm at right now. Pete

spy1
2009-03-10, 12:36
"In-Depth" scan with NOD32 shows nothing this morning. Running MBAM again (full scan this time) to see if it finds any remnants. (Gotta take wife to dentist, BBL). Pete

Matt
2009-03-10, 13:05
Hi spy1,

If your computer is infected, you can always do this:

Read the thread "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) from tashi carefully, especially posts #1 and #2. After you've done everything, post your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where someone will help you. ;)

It's always good to have more than one Anti-Spyware tool on the computer.

Moreover, if you are clean, you can un-install the old version of Spybot and install the current one from here (http://www.safer-networking.org/en/mirrors/index.html).

spy1
2009-03-10, 16:48
Matt - Thanks - didn't know my program version wasn't up-to-date (thought the updater was supposed to take care of that if I have it set to do so?).

The NOD32 scan came up clean (depressing, given what I did next). Ran MBAM again (this is AFTER the "un-install" of the ant toolbar) and got this:

Malwarebytes' Anti-Malware 1.34
Database version: 1828
Windows 5.1.2600 Service Pack 3

3/10/2009 11:35:52 AM
mbam-log-2009-03-10 (11-35-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 106783
Time elapsed: 23 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\IEToolbar (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\IEToolbar\Ant.com Toolbar\ant.crc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\AntPlugin.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\arrow_refresh.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\basis.xml (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\bt_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\cancel.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\chart_bar.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\chart_line.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\computer_error.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\delete.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\drive_disk.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\email.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\explore.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\help.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\icons.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\info.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\logo.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\magnifier.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\monitor.png (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\player.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\player.html (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\player.swf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\s_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\Thumbs.db (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_shadow.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\version.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Ant.com Toolbar\wrench.png (Trojan.Agent) -> Quarantined and deleted successfully.

As you can see, MBAM was able to successfully quarantine and delete all that stuff.

Please feel free to move this entire thread to the Malware Removal Forum if you think it would be of benefit. Thanks! Pete

Matt
2009-03-10, 17:29
Hi spy1,

Quote (spy1): "Please feel free to move this entire thread to the Malware Removal Forum if you think it would be of benefit. Thanks! Pete"
I can't do this, sorry. ;)
If you still need help, follow the instructions I've given in my previous post. :)

I would never build only on one Anti-Spyware tool.

spy1
2009-03-10, 19:35
Thank you for your time and attention, Matt.

I think I'm good now that all scans on everything are coming up clean. Pete

Matt
2009-03-10, 19:40
Hi spy1,

Thank you for the feedback. You're welcome. ;)