
Thread: SBS&D self-aborting

  1. #1
    Member
    Join Date
    Nov 2005
    Posts
    39

    SBS&D self-aborting

    Can't get it to run since today's update. Sent bug report. Pete

  2. #2
    Senior Member Matt
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Hi spy1,

    which update? Detection rules update or version update? Please be more specific.
    Best regards - Beste Grüße,

    Matt

  3. #3
    Member
    Join Date
    Nov 2005
    Posts
    39

    I'm running SBS&D v.1.6.0.26. I tried updating it just now and there aren't any newer updates, so I've got whatever the latest is (I updated it before trying to run the scan prior to the problem I'm having).

    The scan itself is what's aborting.

    This is my MBAM log:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1828
    Windows 5.1.2600 Service Pack 3

    3/9/2009 3:10:17 PM
    mbam-log-2009-03-09 (15-10-13).txt

    Scan type: Quick Scan
    Objects scanned: 70923
    Time elapsed: 3 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 33

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\tbsb00982.tbsb00982toolbar (Adware.Trace) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\IEToolbar (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar (Trojan.Agent) -> No action taken.

    Files Infected:
    C:\Program Files\IEToolbar\Ant.com Toolbar\ant.crc (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\AntPlugin.dll (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\arrow_refresh.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\basis.xml (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\bt_fd.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\cancel.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\chart_bar.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\chart_line.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\computer_error.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\delete.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\drive_disk.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\email.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\explore.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\help.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\icons.bmp (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\info.txt (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\logo.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\logo.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\magnifier.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\monitor.png (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.html (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.swf (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\s_fd.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\Thumbs.db (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_fd.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_shadow.gif (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\uninstall.exe (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\update.exe (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\version.txt (Trojan.Agent) -> No action taken.
    C:\Program Files\IEToolbar\Ant.com Toolbar\wrench.png (Trojan.Agent) -> No action taken.


    Has the latest iteration of the ant toolbar gone totally rogue? Pete

  4. #4
    Senior Member drragostea
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    No, because it said "No action taken" in the log. I don't think you told MBAM to remove the malware.

  5. #5
    Member
    Join Date
    Nov 2005
    Posts
    39

    That's correct - I didn't tell it to remove the malware (I wanted to play with it for awhile, but I had to leave for work - just got back awhile ago).

    Anyway, I had started off a TrojanHunter Scan before I left for work - when I got home, TH had found a bunch of stuff but it, too, had locked up (couldn't clean it up, IOW, program frozen), so I RE-ran a "Quick" scan with TH and had it clean the stuff as it found it while scanning (I've had to do that before).

    Here's what TH found:

    Registry key exists: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (matches Adware.Softomate.131)
    Registry key exists: HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} (matches Adware.Softomate.131)
    Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
    Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
    Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
    Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
    Removed registry key HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

    THEN I was able to run SBS&D - "No Immediate Threats Found".

    I guess what concerned me the most about this infection - whatever it was - is that it was so easily able to blow the SBS&D scan out of the water. TrojanHunter ran (albeit with problems), but was evidently able to cope with it - and MBAM was able to run and FIND the problem (although it was "frozen" and wouldn't fix it, either).

    It's got to be the Ant toolbar causing this - I just updated it not that long ago since a newer version was out (and, yes, I got it from THEIR site).

    Unless, of course, this whole thing was a string of FP's (which strains my credulity - I don't picture three separate programs calling a problem without there actually BEING one).

    That's where I'm at right now. Pete

  6. #6
    Member
    Join Date
    Nov 2005
    Posts
    39

    "In-Depth" scan with NOD32 shows nothing this morning. Running MBAM again (full scan this time) to see if it finds any remnants. (Gotta take wife to dentist, BBL). Pete

  7. #7
    Senior Member Matt
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Hi spy1,

    If your is infected, you can always do this:

    Read the thread "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) from tashi carefully, especially post #1+2. After you've done everything, post your own thread in the Malware Removal Forum, where someone will help you.

    It's always good to have more than one Anti-Spyware tool on the computer.

    Moreover, if you are clean, you can un-install the old version of Spybot and install the current one from here.
    Best regards - Beste Grüße,

    Matt

  8. #8
    Member
    Join Date
    Nov 2005
    Posts
    39

    Matt - Thanks - didn't know my program version wasn't up-to-date (thought the updater was supposed to take care of that if I have it set to do so?).

    The NOD32 scan came up clean (depressing, given what I did next). Ran MBAM again (this is AFTER the "un-install" of the ant toolbar) and got this:

    Malwarebytes' Anti-Malware 1.34
    Database version: 1828
    Windows 5.1.2600 Service Pack 3

    3/10/2009 11:35:52 AM
    mbam-log-2009-03-10 (11-35-52).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 106783
    Time elapsed: 23 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 33

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\IEToolbar (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\IEToolbar\Ant.com Toolbar\ant.crc (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\AntPlugin.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\arrow_refresh.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\basis.xml (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\bt_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\cancel.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\chart_bar.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\chart_line.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\computer_error.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\delete.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\drive_disk.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\email.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\explore.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\help.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\icons.bmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\info.txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\logo.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\logo.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\magnifier.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\monitor.png (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.html (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\player.swf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\s_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\tbhelper.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\Thumbs.db (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_fd.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\topbar_shadow.gif (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\version.txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\IEToolbar\Ant.com Toolbar\wrench.png (Trojan.Agent) -> Quarantined and deleted successfully.

    As you can see, MBAM was able to successfully quarantine and delete all that stuff.

    Please feel free to move this entire thread to the Malware Removal Forum if you think it would be of benefit. Thanks! Pete
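
The two MBAM logs in this thread list the same folder and file objects with a different action, while the registry keys from the first scan are absent from the second. As an added example (not part of any post and not Malwarebytes code), this Python sketch parses that log layout and compares two runs; the sample logs are constructed excerpts of the ones posted above.

```python
import re
from collections import defaultdict

# Detection line layout in the MBAM 1.34 logs: <object> (<name>) -> <action>.
ENTRY = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
SECTION = re.compile(r"^(?P<section>[A-Z][A-Za-z ]+ Infected):$")

def parse_mbam(text):
    """Return {object: (section, detection name, action)} for one log."""
    found, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group("section")      # e.g. "Files Infected"
        elif section and (m := ENTRY.match(line)):
            found[m.group("obj")] = (section, m.group("name"), m.group("action"))
    return found

def compare(before, after):
    """Group every object from either scan by what changed between the scans."""
    report = defaultdict(list)
    for obj in sorted(set(before) | set(after)):
        if obj not in after:
            report["gone before second scan"].append(obj)
        elif obj not in before:
            report["new in second scan"].append(obj)
        elif after[obj][2] == "No action taken":
            report["still present, no action"].append(obj)
        else:
            report["remediated in second scan"].append(obj)
    return dict(report)

# Constructed excerpts: a few lines taken from each of the two logs in the thread.
FIRST = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.
Folders Infected:
C:\Program Files\IEToolbar (Trojan.Agent) -> No action taken.
Files Infected:
C:\Program Files\IEToolbar\Ant.com Toolbar\ant.dll (Trojan.Agent) -> No action taken.
"""
SECOND = FIRST.replace("No action taken", "Quarantined and deleted successfully")
SECOND = SECOND.replace(SECOND.splitlines()[2], "(No malicious items detected)")

if __name__ == "__main__":
    for status, objs in compare(parse_mbam(FIRST), parse_mbam(SECOND)).items():
        print(status, *objs, sep="\n  ")
```
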

  9. #9
    Senior Member Matt
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Hi spy1,

    Originally posted by spy1:
    "Please feel free to move this entire thread to the Malware Removal Forum if you think it would be of benefit. Thanks! Pete"

    I can't do this, sorry.
    If you still need help, follow the instructions I've given in my previous post.

    I would never build only on one Anti-Spyware tool.
    Best regards - Beste Grüße,

    Matt

  10. #10
    Member
    Join Date
    Nov 2005
    Posts
    39

    Thank you for your time and attention, Matt.

    I think I'm good now that all scans on everything are coming up clean. Pete
