Rogue.Fake.MSE & Don't.Steal.Our.Software

[Fred44]

Fred, if you don't mind, I would prefer to contact you through the thread system, this way others can benefit from the solutions How many files have been downloaded? If you want to be sure, you could upload them to:

VirusTotal - Free Online Virus and Malware Scan

And this will scan the file against a range of anti virus detection files. This is a bit OTT, but if there is only a few and you want to be sure, then do it.

I doubt that this is the problem however.

From your log file, I see that you are running MBAM 1.45, have you tried updating to 1.46 to see if this works?

Malwarebytes' Anti-Malware Free Download and Reviews - Fileforum

I just followed your link and downloaded MBAM 1.46 and updated to 4180. I'm running a full scan now. Let me know if you think a quick scan is sufficient to detect this issue. Thanks for all the assistance!

Fred

 

[niemiro]

Rogue.FakeMSE was reported as a false positive a little while ago, and should have been fixed already. Please update to 1.46 and the latest databases, and it should be fixed.

 

[Fred44]

Rogue.FakeMSE was reported as a false positive a little while ago, and should have been fixed already. Please update to 1.46 and the latest databases, and it should be fixed.

I downloaded v.1.46 and then updated as soon as it was installed. It said I had 4180 now. Is there a separate action for updating the latest databases or does the "update" function take care of that? I'm running a full scan with the new version right now. (Do I need to do the full or would a quick scan suffice?) Thanks for the help.

Fred

 

[niemiro]

Downloading a new version updates the 1.45 to 1.46 (you have done this already) and clicking Update updates the database (you have also already done this) It depends how much time you have, full would be ideal, but you may not be able to do that at the moment.

 

[Fred44]

Downloading a new version updates the 1.45 to 1.46 (you have done this already) and clicking Update updates the database (you have also already done this) It depends how much time you have, full would be ideal, but you may not be able to do that at the moment.

I running a full scan at the moment...about 30 minutes into it and it's found 1 object infected so far. I'll have to wait till the scan is over to find out. It coould be the Don't.Steal.Our.Software thing. I have MSE set to run a daily scan (quick) and it did not detect anything this morning. I also did a full scan with a-squared earlier and it found nothing. Could this just be a MBAM glitch? The computer is running fine...no problems.

 

[tom982]

Yes, it could be a glitch, but I don't know until I see that log.

No worries, just post the log whenever you can

 

[Fred44]

Yes, it could be a glitch, but I don't know until I see that log.

No worries, just post the log whenever you can

Yeah, the new version did not detect the Rogue.Fake.MSE. The Don't.Steal.Our.Software entry did come up, but as I understand it, that's something MBAM did to establish the fact that their database was being stolen. Isn't that correct? Here's the log. Looks clean except for the Don't Steal thing. Thanks so much!


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4180
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
6/8/2010 2:51:51 PM
mbam-log-2010-06-08 (14-51-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 280043
Time elapsed: 45 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Fred\Documents\Fred's Files\Programs_Patches_Setup\mbam-setup-1.46.exe (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.

 

[Fred44]

Oh, BTW, MBAM was again disabled from startup after rebooting.

Fred

 

[tom982]

That's very strange that it's detecting its own installer as a virus. Perhaps you should contact Malwarebytes about this as they may be interested to find that their software is deleting itself.

mailto:[email protected]

 

[tom982]

And they may correct the problem, if it is their problem and not a mistake made by us.

 

[Joan Archer]

Oh, BTW, MBAM was again disabled from startup after rebooting.

Fred

Just a quick question here, do you have the free version or the paid version of MalwareBytes ?

The free version doesn't run in real time and that may be why it doesn't start at boot.

 

[Fred44]

That's very strange that it's detecting its own installer as a virus. Perhaps you should contact Malwarebytes about this as they may be interested to find that their software is deleting itself.

mailto:[email protected]

I'm not sure what you mean by deleting, but it is disabling MBAM from the startup menu after reboot. I just sent them an e-mail.

 

[Jacee]

Showing it was a false/positive
Rogue.FakeMSE, is this F/P? - Malwarebytes Forum

Look in Services by typing services.msc, scroll down to MBam, right click on it and choose properties. Set the dropdown box to 'Automatic'

 

[Fred44]

Showing it was a false/positive
Rogue.FakeMSE, is this F/P? - Malwarebytes Forum

Look in Services by typing services.msc, scroll down to MBam, right click on it and choose properties. Set the dropdown box to 'Automatic'

Malwarebytes is not listed in my "services" menu. The Rogue.Fake.MSE is not coming up anymore, but Don't.Steal.Our.Software. is. I wonder why MBAM isn't listed in my "services" menu though!!

 

[Fred44]

Another problem now..I just ran Super Anti-Spyware and after I rebooted MSE was turned off. I got a warning in the tool bar that I had multiple security issues and when I opened the security center MSE was turned off. It is also not listed in my services menu. Any ideas what's going on here?

Fred

 

[Jacee]

Did you download MSE from here? http://www.microsoft.com/security_essentials/

Uninstall the program and delete the folder. Reboot your computer, then download it again.

 

[Fred44]

Did you download MSE from here? http://www.microsoft.com/security_essentials/

Uninstall the program and delete the folder. Reboot your computer, then download it again.

I downloaded it from the Microsoft website, so I assume that's the site. Oh, any ideas why MBAM is my services menu?

 

[Jacee]

Fred download DDS from one of these links:

Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Right click the dds icon, choose to run as Administrator, to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt<--- this log will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your new topic.
The scan will instruct you to post Attach.txt as an attachment.
No need for that though ..... just post it's contents as you would any other log.

 

[Jacee]

Fred, this doesn't do anything to your computer .. all it does is show me some files so that possibly, we can track down the problem.

 

[Fred44]

Fred download DDS from one of these links:


Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Right click the dds icon, choose to run as Administrator, to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt<--- this log will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your new topic.
The scan will instruct you to post Attach.txt as an attachment.
No need for that though ..... just post it's contents as you would any other log.

How do I disable script blocking protection?