Strange behaviour of Malwarebytes' 1

Status
Not open for further replies.

bronan

Technical User
Jan 11, 2006
236
ME
When I run SFC /Scannow, Malwarebytes' Anti-Malware 1.46 reports the following malware:
- C:\Windows\System32\dllcache\beep.sys as "Fake beep.sys"
- C:\Windows\System32\dllcache\cdrom.sys as "Trojan Patched" and
- C:\Windows\System32\dllcache\stup.exe as "Trojan Dropper"
If I scan the C:\Windows\System32\dllcache\ folder with Malwarebytes' Anti-Malware 1.46, there are no warnings, all is clean, nothing is found.
I am confused about what this is: a false positive or something else?
 
^^^ I'm all for format/reload when the troubleshooting time goes over about 2 hours. I mean, unless you have bootleg programs that you can't reinstall or don't have licenses for, it's sometimes easier just to give up the fight, but win the war.

This is especially true if you are BILLING someone for this type of work. If it's on your own time, feel free to work on it for 20 hours as an "experiment" or as "fun". Sometimes us geeky people forget the end result and the easiest way to get there.
 
Yeah, that's why I usually recommend up front - if it seems at all possible for this to take more than even 30 minutes or an hour to knock out, seriously consider reinstalling Windows... you'll likely end up fixing other small issues in the process, anyway, so if it takes a little more time, even, it's well worth it. Also, since Windows XP, installing Windows on most hardware has been pretty painless... especially since XP SP2... well, that's my opinion on the matter.

Here's the thing - with some issues, you MIGHT fix it in 15 to 30 minutes... then again, it could become a nightmare and take DAYS or Weeks or... well, you get the idea..

As far as licensing for software, Adobe's professional stuff isn't fun - you do have to go through some headaches there. If I remember reading correctly, if you need to uninstall it, and reinstall to a different machine, you need to click a certain option in the uninstall AND copy a certain file or code or something... I forget.

Of course, if when you first install, you create an image of the clean install, you can save yourself SOME of the pain of going back to square one... just the updates/changes since the initial install..
 
I carefully read everything you suggested.
Sorry, but I couldn't find any answer: how is it possible that MBAM, when doing a full scan of my C:\, cannot find any malware,
but if I run SFC /Scannow these three phantom files appear?
If I go to the hidden folder C:\Windows\system32\dllcache I am unable to locate any of these three problematic files to delete or replace them, so how can BartPE or my Windows XP Pro SP3 CD be used?
Note that even MBAM is unable to quarantine those files.
I have two of these three files in C:\Windows\ServicePackFiles\i386 (beep is missing), so I can try to copy them and place them in the dllcache folder, but I am not sure if this will help to solve this issue.
 
1. Backup Data
2. Wipe hard drive totally clean with DBAN or Active KillDisk
3. Reinstall Windows
4. Reinstall apps, including MBAM
5. See if you get the same results.

If you do...
6. Bang head against wall, and then:
a. Keep searching, testing or....
b. Ignore or...
c. See if there are any settings to IGNORE said location(s) and/or files.

Here's a thought - maybe I missed it already being mentioned... Have you tried contacting Malwarebytes about it?
 
Booted with the BartPE CD and ran SFC /Scannow, but nothing was reported as malware.
From my ServicePackFiles folder I copied and pasted two of the three problematic files into the system32/dllcache folder, i.e.
- C:\WINDOWS\System32\dllcache\cdrom.sys and
- C:\Windows\System32\dllcache\stup.exe
Now when running SFC /Scannow, MBAM is not reporting any problem for these two files; it is only reporting a problem, as a fake beep.sys file, for
- C:\Windows\System32\dllcache\beep.sys
I tried to search my XP Pro SP3 CD for this file, but only found the beep.sy. driver file, not this one from the system32/dllcache folder.
@linney, please, if you can, direct me to where I can download it, or upload it for me.
I have contacted MBAM but got no help from their side.
Thanks very much for advice like
- Wipe hard drive totally clean with DBAN or Active KillDisk
- Reinstall Windows
- Reinstall apps, including MBAM
I hope my problem and the way it gets sorted will help someone in the future.
 
@linney,
Thank you very much for assistance.
The MBAM problem is now sorted, and this is protection-log-2010-05-28 after SFC /Scannow:
13:48:57 user MESSAGE Protection started successfully
13:49:11 user MESSAGE IP Protection started successfully

Best regards,
 
"Give him a star for all that hassle."
Done with pleasure.
 