What is up, pals??? Is nobody concerned about this???
"BIG BIG BIG was my surprise, because neither NIS2009 nor SAS found the well-known Vundo Trojan on my laptop (Windows XP Media Center Edition SP3, 2 GB RAM, Firefox 3.0.6, Windows updated, NIS2009 also updated, SAS also updated, v.4.25.1012).
HOW is that possible!!!!!!!!!!!!!!!!!
I even ran NIS2009 and SAS in "safe boot mode"!!!!!
Or is there a bug in NIS2009 and SAS in "safe boot mode" that I have not noticed yet?!?!?!?!?!?!??!
I will copy my log file from "Malwarebytes' Anti-Malware 1.34 updated" if someone is interested, or wants to believe me, or wants to explain what the hel* is going on. Thanks in advance."
I can't reproduce the virus on another computer because I don't know how to find and copy the "Vundo trojan" to another computer, but in the lab there is an old PC with an "HDVA" virus (or something like that) that has disabled the "unselect" option, or disabled "the disable function", of Windows System Restore. So every time we reboot the PC, the antivirus NIS2009 finds the same virus again. I have tried to RUN a FULL SCAN in "safe boot mode", but again NIS2009 and SAS found nothing.
Does anybody know about a limitation or bug in "safe boot mode" SCAN?????
*****************************************
I will copy my log file from Malwarebytes if someone is interested, or wants to believe me, or wants to explain what the hel* is going on.
Anyway, here is the log. Any ideas???? Thanks in advance.
************************************************************
Malwarebytes' Anti-Malware 1.34
Database version: 1753
Windows 5.1.2600 Service Pack 3
12/2/2009 2:31:34
mbam-log-2009-02-12 (02-31-34).txt
Scan type: Quick Scan
Objects scanned: 90099
Time elapsed: 6 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\heyakfmm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmfkayeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
<<edit: removed broken link>>
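As an added example (not part of the post above, and not Malwarebytes' own tooling), here is a small Python parser for the Malwarebytes' Anti-Malware 1.x text log format shown in the post. The embedded sample is the post's log; the regular expressions, the section handling and the function names are this example's own assumptions about the format. It cross-checks the summary counts against the items actually listed, tallies the detection families, and flags any item whose action line does not report a completed quarantine, which is the first thing to verify before concluding that a second scanner "found nothing" on the same machine.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and sanity-check it.

Added example; the log below is copied from the forum post, everything
else (regexes, function names) is an assumption about the format.
"""
import re
from collections import Counter, defaultdict

# Sample input: the log posted above, embedded verbatim as a raw string.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.34
Database version: 1753
Windows 5.1.2600 Service Pack 3
12/2/2009 2:31:34
mbam-log-2009-02-12 (02-31-34).txt
Scan type: Quick Scan
Objects scanned: 90099
Time elapsed: 6 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06e12c36-760f-4d92-8509-5e5dbf12c423} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\heyakfmm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmfkayeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "<Section> Infected: <n>" summary line versus "<Section> Infected:" header.
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# Generic "Key: value" lines in the preamble (Database version, Scan type, ...).
HEADER_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")
# "<path> (<threat name>) -> <action taken>"; the path is matched lazily so the
# first parenthesised token after it is the detection name.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return {'header': {...}, 'counts': {...}, 'items': {section: [item, ...]}}."""
    report = {"header": {}, "counts": {}, "items": defaultdict(list)}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary block: declared number of detections per category
            report["counts"][m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:  # detail block: start of a category listing
            section = m["section"]
            continue
        if section is None:  # still in the preamble
            m = HEADER_RE.match(line)
            if m:
                report["header"][m["key"]] = m["value"]
            continue
        if line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            report["items"][section].append(m.groupdict())
    return report


def check_counts(report):
    """Sections whose declared count differs from the items listed: {section: (declared, listed)}."""
    return {
        section: (declared, len(report["items"].get(section, [])))
        for section, declared in report["counts"].items()
        if declared != len(report["items"].get(section, []))
    }


def threat_families(report):
    """Tally of detection names across every section (e.g. Trojan.Vundo -> 5)."""
    return Counter(item["threat"] for items in report["items"].values() for item in items)


def pending_actions(report):
    """Items the scanner did not report as quarantined and deleted (e.g. left for reboot)."""
    return [
        item for items in report["items"].values() for item in items
        if "quarantined and deleted successfully" not in item["action"].lower()
    ]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("Scan type:", rep["header"].get("Scan type"))
    print("Count mismatches:", check_counts(rep) or "none")
    print("Families:", dict(threat_families(rep)))
    print("Not fully remediated:", len(pending_actions(rep)))
```

Run on the post's log, the declared counts (7 registry keys, 1 data item, 6 files) match the listed items, every action reads as a completed quarantine, and the families tally shows the Vundo-related entries alongside the generic Malware.Trace and Trojan.Agent hits; a mismatch or a non-completed action is what would justify a reboot and a second pass before trusting a clean result from another tool.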