PDA

View Full Version : Would SpyBot find Trojan.FakeAlert if present?



TrevorD
2009-04-14, 19:59
Original message reposted as requested, followed by comments and requested HJT log.

Thanks in advance for your help.

Trevor

=======================

First some background (please bear with me!):

I recently used the program Reimage (http://reimage.com/home/index.php) to repair my XP SP3 installation.



Subsequently I ran a scan with Malwarebytes’ Anti-Malware (free version)



That scan (copy log below) suggested 3 files and 1 Registry Value - all associated with the Reimage program - were infected with Trojan.FakeAlert (http://www.malwarebytes.org/malwarenet.php?name=Trojan.FakeAlert), but I wasn't sure whether this was a false alert.



AVG Internet Security (paid version; my regular anti-virus program) showed no infection.



(Both programs had been updated immediately prior to the scans.)



I sought e-mail help from Reimage, who have suggested, as a first step, that I run SpyBot.



SpyBot (fully updated) has found nothing (other than a few tracking cookies and usage threads).


The Malwarebytes’ Anti-Malware log is as follows:

Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

11 Apr 2009 13:40:15
mbam-log-2009-04-11 (13-40-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 257873
Time elapsed: 1 hour(s), 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reimage pc booster (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\ReimageUndo\PostReboot\PostRebootExecuter.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP905\A0113460.exe (Trojan.FakeAlert) -> No action taken.
My main question is:
Would SpyBot have found the (alleged) Trojan.FakeAlert infection if it were present in the places identified in the log above?I ask this for two reasons:

The (alleged) infected files are not in any of the (default) (Download) Directories listed in the Settings (and I haven't wanted to change these because their function is not clear to me - see separate post).



I could not find the precise name FakeAlert in either of the SpyBot Trojan file lists as viewed in Ignore Products, but I know the names of these infections can vary, and FakeAlert.cc is listed.

I also thought I had read a suggestion (somewhere in the forum or support areas) that it is possible to test an individual file with SpyBot - but I can't find a way of doing that. Is it possible, and if so, how? Or did I imagine it?

So, have I got an infection or not?

Thanks in advance for your help.
Trevor

=======================

@tashi
Thank you for your response, but just to be clear:
I had read the topic "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance), but my understanding is that those instructions apply only to the Malware Removal forum. I considered posting in that forum but decided against it because I did not consider that I was seeking help with removal of malware - particularly since SpyBot had found nothing, and I'm not clear whether I have anything to remove!. Your instructions there also expressly said "if you have no symptoms of infection there is no need to post a log in this forum".

In my view I was simply seeking clarification of SpyBot's functionality ("Would SpyBot have found the (alleged) Trojan.FakeAlert infection if it were present in the places identified in the log above?", for the reasons outlined in the two bullet points at the end of my original post, and I didn't want to waste expert malware removers time or post unnecessary logs!

Apologies if I've misunderstood your procedures. I note you've now moved my post to this sub-forum, and I await your further advice.
The requested log is included below.

==============================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:47, on 14 Apr 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Backup\JungleDisk\JungleDiskMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Security\WinPatrol\winpatrol.exe
C:\Program Files\WinUtils\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe
C:\Program Files\Backup\JungleDisk\JungleDiskMonitor.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Program Files\Hardware\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Microsoft Office\2000\Office\1033\msoffice.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\PDF Professional 3.0\PdfPro3Hook.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Inbox\CToolbar.exe
c:\PROGRA~1\Inbox\CMail.exe
C:\WINDOWS\hh.exe
C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe
C:\Program Files\Internet Utils\GetRight\GetRight.exe
C:\Program Files\Security\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\Internet Utils\GetRight\xx2gr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Virtual Storage Mount Notification - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\Security\LastPass\LPBar.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bridge Class - {E479EDE1-923E-11D3-B82B-00E09871521B} - C:\Program Files\Internet Utils\Compass\CmpsIE.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Hardware\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\Security\LastPass\LPBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Hardware\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Reimage PC Booster] "C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" false na "C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe" /tray
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\Security\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [DOpus] C:\Program Files\WinUtils\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Security\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1036791457-2695494504-2582222916-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1036791457-2695494504-2582222916-1011\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Global Startup: Jungle Disk Desktop Monitor.lnk = C:\Program Files\Backup\JungleDisk\JungleDiskMonitor.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\2000\Office\OSA9.EXE
O4 - Global Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Internet Utils\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Hardware\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Hardware\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Hardware\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Hardware\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Inbox Search - tbr:iemenu
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Internet Utils\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O8 - Extra context menu item: Save Web Page to askSam 7... - C:\Program Files\askSam\asksam7\ASAdd.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Security\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://magnet.2020.net/virtualplanner/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212589685328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157546652687
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: asksam7 - {7176DE82-982D-4F2B-A562-9D0BBE96DEBC} - C:\Program Files\askSam\asksam7\AS7_AIPP.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Hardware\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: EldosMountNotificator - {3CF560DC-DFCB-4737-82C2-9564CA8F733B} - C:\WINDOWS\system32\VSMntNtf.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JungleDiskService - Jungle Disk, Inc. - C:\Program Files\Backup\JungleDisk\JungleDiskMonitor.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\Backup\MozyHome\mozybackup.exe (file missing)
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe

--
End of file - 11506 bytes

shelf life
2009-04-23, 00:31
I vote for false positive. You can also upload the files to Virustotal where they will be scanned by a dozen or so different applications.

when the scan is done you can copy/paste the url back here in your reply

http://www.virustotal.com/

I do not know if SBSD can scan a single file or not.

TrevorD
2009-04-23, 02:51
Thanks.

I uploaded and tested these two files, with the results shown in the links:

Files Infected:
C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe (Trojan.FakeAlert) -> No action taken.

http://www.virustotal.com/analisis/2bdc8180acb2890a947410524b1c3251

C:\ReimageUndo\PostReboot\PostRebootExecuter.exe (Trojan.FakeAlert) -> No action taken.

http://www.virustotal.com/analisis/3c85c586c41f24ac612d775bc943de9e

Both list nothing found by the various scanners, but I can't interprete the rest of the info.


So you may well be right that it's a false positive.

I couldn't access this file to upload it for testing:

C:\System Volume Information\_restore{96B3C7FC-998C-4A30-BBC6-0A87EC69C48F}\RP905\A0113460.exe (Trojan.FakeAlert) -> No action taken.

and this an alleged infected Registry entry:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reimage pc booster (Trojan.FakeAlert) -> No action taken.


Any other ways of testing them, apart, of course from downloading and installing further scanners. Is it worth it? Which ones would you recommend?

Any further suggestions?
Thanks again.

shelf life
2009-04-23, 03:22
ok good. Is this the link and the app you downloaded:

http://reimage.com/home/product.php


I ask because I didnt see anything on that web page about the term "PC Booster" but it appears here:

C:\Program Files\Reimage\Reimage PC Booster
--------------------
EDIT;
i installed it to one of my machines, ran MBAM and got the same result;


Malwarebytes' Anti-Malware 1.36
Database version: 2029
Windows 5.1.2600 Service Pack 3

4/22/2009 5:40:27 PM
mbam-log-2009-04-22 (17-40-23).txt

Scan type: Quick Scan
Objects scanned: 7657
Time elapsed: 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reimage pc booster (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe (Trojan.FakeAlert) -> No action taken.

The app seems more like a benchmark utility than anything else. told me Internet Explorer was a Slightly Unstable Program,(may crash, but not frequently). No kidding.

You could post the MBAM results over in the MBAM forum. False positives are always good info.

TrevorD
2009-04-23, 13:33
Thanks very much for going to all that trouble. :bigthumb:

I 'm sure it's the same program, altho' I may have downloaded it through this page: http://reimage.com/home/download-repair.php File size: 81.2 KB (83 240 bytes)
I didn't see anything about the PC Booster either until after completion - it just seemed to come as an add-on product.

As you've probably gathered, I actually went through more than just running the main product, and got it to do a repair (very successfully too I may add, and well worth the GBP 47 it cost after all the time I'd spent trying to fix buffer space and sockets and 3hours from a consultant!)
So it had installed itself in a couple more places on my PC before I ran MBAM.

Yes, the Booster also told me that IE was slightly unstable - but then IE is an MS product. ;)

I don't know that I'll use the Booster longer term, but obviously I wanted to be reasonably sure I hadn't got an infection.

Yes, I will post in the MBAM forum. I hadn't thought of that: was just following Reimage's advice.
I'll also go back to Reimage and suggest they might like to run MBAM.

Thanks again for your help. :bigthumb:

shelf life
2009-04-24, 00:57
no trouble, i install all kinds of goodies, mainly all malware. I noticed about 6 java script files in the PC booster folder, maybe MBAM is flagging those.
In any case I think your safe. Happy safe surfing.

Heres some info for reducing your risk to malware

Reducing Your Risk To Malware:
The Short Version:

1) It is essential to Keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. This is now also true for web based application like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software to your computer.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer. (http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en)

10) If your habits include: warez, cracks etc or you install files via p2p (http://www.virusvault.us/p2p.html) networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.