Rogue.Fake.MSE & Don't.Steal.Our.Software

[Fred44]

I just ran a full Malwarebyte scan today and came up with these 2 items. The Rogue bit is supposedly caused by a fake version of MSE. I downloaded mine from the Microsoft site and even confirmed it today by attempting to download it again. I was told that MSE was already installed on my machine. So I know my version of MSE is legit.

The Don't. Steal bit has something to do with a company (Obit, I believe). Which has supposedly pirated some proprietary components of Malwarebytes for their anti-malware app.

Interestingly, when the scan was over I got a message on my toolbar that Malwarebytes had been blocked from the startup menu.

Since I have the real version of MSE, I'm just wondering how I picked up this Rogue.Fake.MSE bug? And how about the Don't.Steal,etc. thing? Where do you pick this stuff up? I'm very careful about what sites I visit.

Fred

 

[ilikefree]

I did read that a company stole Malwarebytes code and they caught them by releasing false virus definitions which turned up in the other companies updates. Don't know if that helps you. There is still ill feeling between the two though.

 

[Fred44]

I did read that a company stole Malwarebytes code and they caught them by releasing false virus definitions which turned up in the other companies updates. Don't know if that helps you. There is still ill feeling between the two though.

These items turned up after a Mawarebytes full scan and then Malwarebytes was disabled from my start menu. And the Rogue.Fake.MSE..? Where could that have come from, since I know I have a legit version of MSE downloaded from their website???

Fred

 

[tom982]

Perhaps they didn't come from that source then.

Do you download any illegal content? Because this is often a source of viruses.

 

[Fred44]

Perhaps they didn't come from that source then.

Do you download any illegal content? Because this is often a source of viruses.

No. but just uninstalled MSE and downloaded a fresh version, ran the Malwarebytes sacn and came up with Rogue.Fake.Mse again. Malwarebytes was again disabled.

 

[tom982]

So malware bytes disabled itself?

 

[Fred44]

So malware bytes disabled itself?

I guess that's what happened. I was running a full scan with Malwarebytes and at the end it found 2 or 3 instances of the Rogue.Fake.MSN. I chose to delete them, restarted the computer and got a message on the toolbar that Malware bytes had been disabled. I'm now running a scan with a-squared to see what it comes up with.

 

[tom982]

Alright, let me know how that goes.

Do you have CCleaner?

 

[Fred44]

Alright, let me know how that goes.

Do you have CCleaner?

a-squared is still scanning. I don't have CCleaner. Had it once but removed it because of erratic behavior. Can't remember what the problem was, but just remember there were some issues with it. Would you recommend running CCleaner? I know lot's of people recommend it.

 

[Jacee]

Copy and paste the Malwarebytes' log ...

 

[tom982]

Alright, let me know how that goes.

Do you have CCleaner?

a-squared is still scanning. I don't have CCleaner. Had it once but removed it because of erratic behavior. Can't remember what the problem was, but just remember there were some issues with it. Would you recommend running CCleaner? I know lot's of people recommend it.

If you had problems with it, then don't install it. I would ususally recommend running it to clean up keys which could be corrupted, but on this occasion I don't recommend it.

 

[Fred44]

Jacee asked me to copy and paste the malwarebytes log. When I click on the link the post is not here. If you're there Jacee, is this the log you mean?

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4176
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
6/8/2010 11:40:40 AM
mbam-log-2010-06-08 (11-40-40).txt
Scan type: Quick scan
Objects scanned: 1
Time elapsed: 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

 

[Fred44]

BTW, I just found out that my son has installed SoulSeek on his desktop and downloaded some music files. When I click on the folers or files that he downloaded and scan with Malwarebytesn no malicious items are found. What should I do?

 

[niemiro]

Ideally we need a MBAM log which is infected so we can see exactly what files are showing up as infected, though Jacee will have to look at it (see my signature)

 

[tom982]

Fred, if you don't mind, I would prefer to contact you through the thread system, this way others can benefit from the solutions How many files have been downloaded? If you want to be sure, you could upload them to:

VirusTotal - Free Online Virus and Malware Scan

And this will scan the file against a range of anti virus detection files. This is a bit OTT, but if there is only a few and you want to be sure, then do it.

I doubt that this is the problem however.

From your log file, I see that you are running MBAM 1.45, have you tried updating to 1.46 to see if this works?

Malwarebytes' Anti-Malware Free Download and Reviews - Fileforumhttp://www.malwarebytes.org/

 

[tom982]

And in your MBAM log you have only scanned 2 files, why is it only 2? And are these any files in specific?

Preferably we need a MBAM log file of a full scan of your whole computer.

 

[Fred44]

Fred, if you don't mind, I would prefer to contact you through the thread system, this way others can benefit from the solutions How many files have been downloaded? If you want to be sure, you could upload them to:

VirusTotal - Free Online Virus and Malware Scan

And this will scan the file against a range of anti virus detection files. This is a bit OTT, but if there is only a few and you want to be sure, then do it.

I doubt that this is the problem however.

From your log file, I see that you are running MBAM 1.45, have you tried updating to 1.46 to see if this works?

Malwarebytes' Anti-Malware Free Download and Reviews - Fileforum

I just updated. It said I updated from 4176 to 4180. I'll try to upload the MBAM files you need. Not sure I know how? Will a quick scan with Malwarebytes be sufficient?

 

[Fred44]

Oh, BTW, A-squared found nothing suspect after a full scan. Is this good news?

 

[Fred44]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4176
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
6/8/2010 10:39:27 AM
mbam-log-2010-06-08 (10-39-27).txt
Scan type: Full scan (C:\|)
Objects scanned: 270926
Time elapsed: 1 hour(s), 1 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpnwmon (Rogue.FakeMSE) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Microsoft Security Essentials\Drivers\mpnwmon\mpnwmon.sys (Rogue.FakeMSE) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\MpNWMon.sys (Rogue.FakeMSE) -> Quarantined and deleted successfully.
Here's one of the MBAM logs with the Rogue items

 

[Fred44]

Here's another. (I just ran a quickscan and no malicious items Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4176
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
6/7/2010 5:37:40 PM
mbam-log-2010-06-07 (17-37-40).txt
Scan type: Full scan (C:\|)
Objects scanned: 269967
Time elapsed: 53 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpnwmon (Rogue.FakeMSE) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Microsoft Security Essentials\Drivers\mpnwmon\mpnwmon.sys (Rogue.FakeMSE) -> Quarantined and deleted successfully.
C:\Users\Fred\Documents\Fred's Files\Programs_Patches_Setup\mbam-setup.exe (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\MpNWMon.sys (Rogue.FakeMSE) -> Quarantined and deleted successfully.
were found. Should I run another full scan?)