Not clear what SpyBot is checking



TrevorD
2009-04-14, 18:01
First some background (please bear with me!):

I recently used the program Reimage (http://reimage.com/home/index.php) to repair my XP SP3 installation.



Subsequently I ran a scan with Malwarebytes’ Anti-Malware (free version)



That scan (copy log below) suggested 3 files and 1 Registry Value - all associated with the Reimage program - were infected with Trojan.FakeAlert (http://www.malwarebytes.org/malwarenet.php?name=Trojan.FakeAlert), but I wasn't sure whether this was a false alert.



AVG Internet Security (paid version; my regular anti-virus program) showed no infection.



(Both programs had been updated immediately prior to the scans.)



I sought e-mail help from Reimage, who have suggested, as a first step, that I run SpyBot.



SpyBot (fully updated) has found nothing (other than a few tracking cookies and usage threads).


The Malwarebytes’ Anti-Malware log is as follows:


Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

11 Apr 2009 13:40:15
mbam-log-2009-04-11 (13-40-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 257873
Time elapsed: 1 hour(s), 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reimage pc booster (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\ReimageUndo\PostReboot\PostRebootExecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP905\A0113460.exe (Trojan.FakeAlert) -> No action taken.

My main question is:
Would SpyBot have found the (alleged) Trojan.FakeAlert infection if it were present in the places identified in the log above?

I ask this for two reasons:

The (alleged) infected files are not in any of the (default) (Download) Directories listed in the Settings (and I haven't wanted to change these because their function is not clear to me - see separate post).



I could not find the precise name FakeAlert in either of the SpyBot Trojan file lists as viewed in Ignore Products, but I know the names of these infections can vary, and FakeAlert.cc is listed.

I also thought I had read a suggestion (somewhere in the forum or support areas) that it is possible to test an individual file with SpyBot - but I can't find a way of doing that. Is it possible, and if so, how? Or did I imagine it?

So, have I got an infection or not?

Thanks in advance for your help.
Trevor

tashi
2009-04-14, 18:43
Hello,


So, have I got an infection or not?


Please see this FAQ: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start a new topic providing the HJT log, then this one will be closed as helpers look for threads without a response. :)

Regards.