Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Malwasrebytes trojan infection

May 6, 2010 5:17AM PDT

I tried to scan my dual 32-64bit HP TouchSmart 300 PC running Windows 7 and IE 8 with Malwarebytes today - unsuccessfully.

Therefore, I completely uninstalled the software three times, reinstalling each time.

WARNING: although I downloaded and installed from two separate sites -CNet Downloads, MajorGeeks - ThreatFire Free detected a Trojan each time. ThreatFire successfully killed the Trojan.

I STUPIDLY did not make a note of which Trojan it was. And thank you, ThreatFire. Anyone who pours scorn on sandboxes needs to think again.

Discussion is locked

- Collapse -
I've just checked
May 6, 2010 5:34AM PDT

with Jotti's virusscan web site. I uploaded CNET Download.com's mbam-setup-1.46.exe to virusscan and the results are show below;
http://virusscan.jotti.org/en-gb/scanresult/78c48dfc2e7aa4a540e10e9ccefde7c2f2fb8b87/7f972672c61ec3b85d5869af3d0be5770e9f70e0

This is the result from a 'previous' upload of this file, and all AV scanners report it is clean. So this might be what is known as a 'false positive'. If so, Threatfire should be contacted to see if they have any explanation.

The web page I downloaded it from was;
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol

Please can you do me a favor. Go through the steps you did before to download the file from those two sites you did before, and then copy the web site addresses for each, and paste them into a reply here.

Then we can compare the Download.com one, and I will see about the MajorGeeks one. There are scam sites about, and some may be pretending to be either Download.com or MajorGeeks.com.

Thanks

Mark

- Collapse -
RE: I've just checked
May 6, 2010 5:52AM PDT

Thanks Mark.

Will attempt to do what you suggest, then get back to you.

Perhaps I should have added that each time I uninstalled malwarebytes, I used Search Everything after using CCleaner and/or Glary Utrilities built-in uninstallers.

mediawork

- Collapse -
Ouch!
May 6, 2010 5:59AM PDT

I always cringe when I see users who mention registry and system optimisers like Glary Utilities. I always wonder what registry damage they may cause.

But let us know those two web sites, and perhaps we can see if there is anything strange with them.

Mark

- Collapse -
Re:Ouch!
May 6, 2010 6:31AM PDT

Hi Mark, sorry to ouch you. However, I found that these two freewares stopped my PCs from slowing up during the last 10 years.

I ran malwarebytes installer as you suggested. Both times before the Save step, ThreatFire found a high potential threat. I then killed the threat, and did not install.

The CNet Downloads and MajorGeeks websites both began thus: C\USERS\APPDATE\LOCAL\MICROSOFT\WINDOWS\TEMPORARYFILES\CONTENT.

CNetDownloads continued: IE5\45BY5RS\\MBAM-SETUP1.46(I)EXE

MajorGeeks continued: W87HL00\MBAM-SETUP-1.46(1).EXE

Signing off for the night to watch Brit election results

- Collapse -
Ahh, that's not what mean
May 6, 2010 8:38PM PDT

I need to know the web site addresses of those two download web sites, not the locations on your C drive.

What I mean is this.

1] Goto the 'original' web site where you first downloaded the Malwarebyte's Anti-malware installer file. Instead of clicking the "Download Now" button, (or similar named option), in that web site, copy the full web site address, (called the URL), and paste that into a reply here.

2] Do the same for the other web site you downloaded the installer file from and do the same.

Mark

- Collapse -
You'll hate me for this
May 6, 2010 10:04PM PDT

Hi Mark,

although I've been using computers for more than 20 years, I have never mastered how to paste an URL.

All I can do is paste a whole page, and the URLs on the two sites from which I downloadedn are impossibly long. Just can't get my ancient head round the entire cut and paste concept.

Of courder, I agree with both you and Kees that the whole thing may be a false positive.

- Collapse -
It's in the browser address bar
May 6, 2010 10:11PM PDT

When you open your browser, you can type an address in the address bar, eg www.google.com.

If you look at the address bar for this discussion, you will see it starting with http://fprums.cnet.com ... etc.

Just click inside the address bar and that should highlight the whole address. Right click with your mouse, select Copy. The make a new post here, then right click the mouse, select Paste.

Mark

- Collapse -
Re: infection
May 6, 2010 8:45PM PDT

You forgot to say WHY scanning with Malwarebytes was unsuccessfull.

And, as for the trojan, let's assume it's a false positive from ThreatFire. Do you object to that assumption?

Kees

- Collapse -
Malwarebytes suspected infection - reply to Kees
May 6, 2010 9:57PM PDT

Thanks, Kees, good question.

Each time I tried to do a full Malwarebytes scan - not a quick scan - a sub-window popped up saying somet6hihng like this attempt was unsuccessful, would I like to download Malwarebytes again immediately?

I did not. I always uninstall any programme that is misbehaving or that I no longer need using Control Panlel or CCleaner or Glary Utilities - then deleting all I can of what remains using Search Everything.

Only afteer all that, did I reinstall Malwarebytes.