TrevorD
2009-04-14, 18:01
First some background (please bear with me!):
I recently used the program Reimage (http://reimage.com/home/index.php) to repair my XP SP3 installation.
Subsequently I ran a scan with Malwarebytes’ Anti-Malware (free version)
That scan (copy log below) suggested 3 files and 1 Registry Value - all associated with the Reimage program - were infected with Trojan.FakeAlert (http://www.malwarebytes.org/malwarenet.php?name=Trojan.FakeAlert), but I wasn't sure whether this was a false alert.
AVG Internet Security (paid version; my regular anti-virus program) showed no infection.
(Both programs had been updated immediately prior to the scans.)
I sought e-mail help from Reimage, who have suggested, as a first step, that I run SpyBot.
SpyBot (fully updated) has found nothing (other than a few tracking cookies and usage threads).
The Malwarebytes’ Anti-Malware log is as follows:
Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3
11 Apr 2009 13:40:15
mbam-log-2009-04-11 (13-40-03).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 257873
Time elapsed: 1 hour(s), 9 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reimage pc booster (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\ReimageUndo\PostReboot\PostRebootExecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP905\A0113460.exe (Trojan.FakeAlert) -> No action taken.My main question is:
Would SpyBot have found the (alleged) Trojan.FakeAlert infection if it were present in the places identified in the log above?I ask this for two reasons:
The (alleged) infected files are not in any of the (default) (Download) Directories listed in the Settings (and I haven't wanted to change these because their function is not clear to me - see separate post).
I could not find the precise name FakeAlert in either of the SpyBot Trojan file lists as viewed in Ignore Products, but I know the names of these infections can vary, and FakeAlert.cc is listed.
I also thought I had read a suggestion (somewhere in the forum or support areas) that it is possible to test an individual file with SpyBot - but I can't find a way of doing that. Is it possible, and if so, how? Or did I imagine it?
So, have I got an infection or not?
Thanks in advance for your help.
Trevor
I recently used the program Reimage (http://reimage.com/home/index.php) to repair my XP SP3 installation.
Subsequently I ran a scan with Malwarebytes’ Anti-Malware (free version)
That scan (copy log below) suggested 3 files and 1 Registry Value - all associated with the Reimage program - were infected with Trojan.FakeAlert (http://www.malwarebytes.org/malwarenet.php?name=Trojan.FakeAlert), but I wasn't sure whether this was a false alert.
AVG Internet Security (paid version; my regular anti-virus program) showed no infection.
(Both programs had been updated immediately prior to the scans.)
I sought e-mail help from Reimage, who have suggested, as a first step, that I run SpyBot.
SpyBot (fully updated) has found nothing (other than a few tracking cookies and usage threads).
The Malwarebytes’ Anti-Malware log is as follows:
Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3
11 Apr 2009 13:40:15
mbam-log-2009-04-11 (13-40-03).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 257873
Time elapsed: 1 hour(s), 9 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reimage pc booster (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\ReimageUndo\PostReboot\PostRebootExecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP905\A0113460.exe (Trojan.FakeAlert) -> No action taken.My main question is:
Would SpyBot have found the (alleged) Trojan.FakeAlert infection if it were present in the places identified in the log above?I ask this for two reasons:
The (alleged) infected files are not in any of the (default) (Download) Directories listed in the Settings (and I haven't wanted to change these because their function is not clear to me - see separate post).
I could not find the precise name FakeAlert in either of the SpyBot Trojan file lists as viewed in Ignore Products, but I know the names of these infections can vary, and FakeAlert.cc is listed.
I also thought I had read a suggestion (somewhere in the forum or support areas) that it is possible to test an individual file with SpyBot - but I can't find a way of doing that. Is it possible, and if so, how? Or did I imagine it?
So, have I got an infection or not?
Thanks in advance for your help.
Trevor