Computer is working fine. Need your advice to keep it that way.
Hello
"Yes," I'm happy to say, "my computer is working fine, and it has ever since I got it back in 2006." It is an XPS 400 with a 160GB hard drive, 2GB RAM, SP3, IE8, and it has all the critical and important updates installed. For my security software, I have always used Panda, and I have it set up to scan my computer on a weekly basis. I did not install the Panda firewall, but I do have the Windows firewall running. So on the surface at least, I do feel that this combination has kept my computer well protected.
I have read on this Forum many times, posts by people who know a lot more about computers than I do, that say that there is no one security program, either the paid or free version, that can be trusted to be able to stop all the viruses and such that are trying to get on one's computer. Because of this, I would like to get your advice and/or recommendations on a couple of questions I have.
What free, on-demand scanning program would you recommend, that I could download and scan my computer with to possibly find anything that Panda may be missing?
What steps would I need to follow to do this correctly? Such as:
1. Download scanning program to my Desktop
2. Go offline
3. Close all open programs
4. Turn off Panda
5. Open and run scanning program
When it is done running, do I keep the program on my computer, and then before I use it again, I update its virus signature file, or do I remove it by using the Add/Remove function, or by simply deleting it?
I thank you in advance for any response you may offer me on this matter.
LKW198
joe53
2 Intern
5.8K Posts
0
December 15th, 2009 15:00
LKW 198
"What free, on-demand scanning program would you recommend, that I could download and scan my computer with to possibly find anything that Panda may be missing?"
Malwarebytes' Anti-malware (MBAM) free version, hands down.
- Download it to your desktop from here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
There is no need to go offline to run an on-demand scan. I would suggest running a "Quick Scan" only, as it detects 99% of what the "Full Scan" does, and only takes a few minutes.
It is best to disable your Panda AV prior to scanning with MBAM. I'm not familiar with Panda, but would imagine that right-clicking Panda's icon in your notification tray (the lower right corner of your screen) would give you this option. Remember to re-enable Panda AV once an MBAM scan is done.
There is no need to uninstall MBAM after scanning. Just keep it for future use. As an on-demand scanner, it does not run in real-time, and consumes no resources. Just update it prior to any subsequent on-demand scan.
LKW 198
48 Posts
0
December 17th, 2009 08:00
joe53
First of all, thank you for your response to my questions. I did run a scan using MBAM, and guess what, it found four infected objects. I did go in and look at the report on what it had found, but I honestly had no idea what it was trying to tell me. Two of the items were listed as "Trojan.Vundo", of which I did find information on the internet. The other two items were listed as "Disabled Security", and this, I think, was referring to the possibility that this Trojan.Vundo was, or had at one time, turned off part of my security program. I did give MBAM permission to remove these items and it says that they were successfully deleted, and as far as I can tell, my computer is still working fine. When I looked in the log file in MBAM, I have these four items listed, and my options are, I can delete or restore any or all of them.
joe53, can you give me a little guidance on what to do with these four items? Do I delete them now or wait a while before I do? I can't think of any reason I would want to restore them. Should I normally give MBAM permission to remove items that it reports as being something I should remove, or am I correct in thinking that because I have the option to restore items listed in the log file, there may be times when MBAM may report back a "false positive" and I would want to restore it? Not sure how I would know whether it was a false positive or not, but that is another bridge to cross down the road.
Thank you in advance for any response you may give me. It is very nice that you, and some of the other people I see on this web site, are willing to take the time to help people like me out with our questions and problems.
LKW198
joe53
2 Intern
5.8K Posts
0
December 17th, 2009 10:00
LKW198
You are most welcome. We are always glad to help here.
As to the 4 detections by MBAM:
MBAM is not noted for having many false positive detections, but you did say your PC is working well, so I'm a bit suspicious. It sounds like MBAM quarantined those files, which effectively isolates them from your PC. Do NOT delete them yet. If they are false positives, you will want to restore them.
Could you copy/paste and post here the log file generated by MBAM after its scan? The log is a simple text file, and will likely be found in C:\Documents and Settings\ \Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
LKW 198
48 Posts
0
December 17th, 2009 11:00
joe 53
Sorry I am taking so long to get this done, but the first time I tried it, I could not find the Post button. I hope this is what you wanted.
Malwarebytes' Anti-Malware 1.42
Database version: 3379
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/16/2009 6:48:27 PM
mbam-log-2009-12-16 (18-48-27).txt
Scan type: Quick Scan
Objects scanned: 139247
Time elapsed: 9 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0074e07 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fcda5551.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
If I read this correctly, isn't this saying that these four items were quarantined and deleted successfully? In the log file there are what they call Reference numbers associated with each item. I will list them here in the same order as they pertain to the order they are listed above. I'm sure they will mean something to you.
1. 28673
2. 38406
3. 27182
4. 73728
Will post this and wait for your response.
LKW198
LKW 198
48 Posts
0
December 17th, 2009 13:00
joe53
It's nice to read that you think I have nothing to worry about, and if I understand you correctly, I can go ahead and delete these four entries in MBAM's Log file. Thank you for taking the time to help me on this matter.
LKW198
joe53
2 Intern
5.8K Posts
0
December 17th, 2009 13:00
LKW198
That is exactly what I wanted. Good show!
It appears MBAM is only detecting registry entries, not files. Perhaps you were infected in the past.
Re: Security Center\AntiVirusDisableNotify
This is not a detection of malware. It indicates that your Security Center's settings have been changed. If you have manually disabled any component of your Windows Security Center (such as the Windows Firewall or told Windows not to alert you when your anti-virus updater is not functional), MBAM will detect it.
Personally, if your PC is running well, I think you are good to go.
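An added example, not part of any post in this thread: a small parser for the detail sections of an MBAM 1.x text log that separates registry-only remnants and changed Security Center settings from live file or memory detections, which is the distinction drawn in the reply above. The function names `parse_mbam_log` and `triage` are hypothetical, and the line layout is assumed from the log posted earlier in the thread.

```python
import re

# Constructed sample: detail sections abridged from the log posted in this thread.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0074e07 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fcda5551.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

SECTION = re.compile(r"^(.+?) Infected:$")  # detail header; summary lines carry a count
ITEM = re.compile(r"^(?P<target>.+?) \((?P<name>[\w.\-]+)\) -> (?P<rest>.+)$")
SETTING = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    section, items = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        hit = ITEM.match(line) if section else None
        if hit:
            setting = SETTING.search(hit.group("rest"))
            items.append({
                "section": section,
                "target": hit.group("target"),
                "name": hit.group("name"),
                # A Bad/Good pair marks a changed setting value, not a malware object.
                "setting_change": setting.groupdict() if setting else None,
                "action": hit.group("rest").split("-> ")[-1].rstrip("."),
            })
    return items

def triage(items):
    """Summarise whether anything live (file or memory) was found, or only registry entries."""
    live = [i for i in items if not i["section"].startswith("Registry")]
    return {
        "registry_only": bool(items) and not live,
        "setting_changes": [i["target"].rsplit("\\", 1)[-1] for i in items if i["setting_change"]],
        "families": sorted({i["name"] for i in items if not i["setting_change"]}),
    }
```

Feeding it the full log text also works, since the header and count lines match neither the section nor the item pattern.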
iroc9555
1K Posts
0
December 17th, 2009 15:00
Hi LKW198.
You understood wrong.
Joe said:
"Do NOT delete them yet. If they are false positives, you will want to restore them."
Sorry joe to barge in, but LKW198 needed an answer pronto.
You need to make sure those registry entries are not needed to run your PC before deleting them, run your PC for a week or so, and that they are from a long ago infection or F/P by MBAM.
LKW 198
48 Posts
0
December 17th, 2009 17:00
iroc9555 and joe53
Here is where that old saying I've read on this web site many times, posted by joe53, "If it ain't broke, don't fix it", is starting to kick me in the rear end. If you go back to my second post in this thread, you will read that I gave MBAM permission, when it was done scanning, to Remove The Selected entries that it had put into quarantine. It reported back that they had been successfully deleted, and the Log file that I posted here says that at the end of each entry.
These four entries are still in MBAM's Quarantine file. I have not deleted them. If I go into that file and select any one of the entries, the option to Restore appears to be a valid option. It does not get greyed out.
So, needless to say, I am not at all knowledgeable enough about computers to have even the slightest idea as to what I should or should not do next. So I would appreciate some feedback on what the next step should be.
I thank you both for any response you may give me.
LKW198
bobcollard
21 Posts
0
December 17th, 2009 18:00
When you say your computer is working fine, do you mean the equipment, hardware, peripherals or your system and software? I'm not pushing anything off on you, but you might be able to improve on your hardware's performance with a different system and software. The price is right (Free.) Its backbone is well known (Unix) and it is made for many different computer hardware. I'm writing about Linux. The software is on the cutting edge and with modern graphical user interfaces (GUIs) it works as simple as any PC System you have had your hands on. To top this all off you don't have to worry about Malware, Viruses, Quarantine files or any of that. If there is anything coming into your machine you are aware of it. Before you are able to install anything the software asks you if you trust the maker, so it is impossible for someone to hide an installer in an E-mail or an attachment. It's just a suggestion. You can get disks free to try and keep, or make your own Live CD which you put into your computer without installing anything to try out the software. There are so many distributions it is hard to recommend any one, but the Ubuntu/Kubuntu versions are the most popular right now. Another called Linux Mint is built from the ground up for people who don't have time to maintain their systems; it tells you when there are updates. Dell themselves now make machines with this system installed at a discounted price. Check it out, it won't cost you anything except a few minutes of your time.
joe53
2 Intern
5.8K Posts
0
December 17th, 2009 21:00
Good golly- an awful lot of advice here!
All I meant to say is that I see no evidence of serious infection. Do nothing and you will be safe indefinitely.
Quarantined files and registry entries cannot harm you. Leave them alone.