Author Topic: 10.0.9.0 and MalwareBytes

sprintman
« on: December 11, 2014, 12:48:51 am »
Latest version sees MBAMservice.exe as Zeus Trojan.  Needs fixing ASAP

Tigzy (Administrator, Owner, Adlice Software)
« Reply #1 on: December 11, 2014, 08:49:14 am »
Hello
Please give us a report.

sprintman
« Reply #2 on: December 11, 2014, 11:00:28 am »
Same on our 32-bit and 64-bit systems.  I work in IT too


RogueKiller V10.0.9.0 [Dec  8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 12/11/2014  20:56:59

Processes : 2
[Tr.Zeus] mbamservice.exe -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe[7] -> Killed [TermProc]
[Suspicious.Path] VMBQuickStartService.exe -- C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe[7] -> Killed [TermProc]

Registry : 12
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\User\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vodafone Mobile Broadband QuickStart ("C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe") -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\User\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Vodafone Mobile Broadband QuickStart ("C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe") -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\User\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Vodafone Mobile Broadband QuickStart ("C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe") -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3659011779-3850564267-1580858498-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

Tasks : 0

Files : 0

Hosts File : 1
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1   localhost

Antirootkit : 106 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD5000AAKS-60A7B0 ATA Device +++++
--- User ---
[MBR] 7e082e6332fb06acea39baa18206959d

Tigzy (Administrator, Owner, Adlice Software)
« Reply #3 on: December 11, 2014, 11:21:10 am »
Looks like a signature conflict.
I'll take a look.

sprintman
« Reply #4 on: December 11, 2014, 12:20:28 pm »
Agree. Only happened when latest version installed on both systems at same time.  You still have a great product

Cheers..steve

Tigzy (Administrator, Owner, Adlice Software)
« Reply #5 on: December 11, 2014, 01:19:49 pm »
Solved, new version is uploading...
It was indeed a signature conflict, because for Zeus we have the same signature as MBAM (seen with a dump of mbamservice.exe). As the database is loaded in memory, it will be detected as malicious by RK.
We just whitelisted the mbamservice process.
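
Tigzy's explanation above describes a memory-signature conflict: the Zeus pattern in RogueKiller's database is also present in MBAM's database, which mbamservice.exe loads into its own memory, so a memory scan of that process hits. The Python simulation below is added here as an illustration and is not code from RogueKiller or Adlice; the signature bytes, image paths, process names and memory snapshots are all constructed, and it shows both the false positive and the process allow-list that the fix amounts to.

```python
from dataclasses import dataclass

# Constructed byte pattern standing in for a Zeus memory signature. It is NOT a
# real Zeus indicator, just an opaque sequence both "engines" in this simulation share.
SIGNATURES = {
    "Tr.Zeus": b"\x8b\x45\x08\x50\xff\x15ZBOT-CFG",
}

# Trusted security-product processes, keyed by lowercased image path. This is the
# shape of the fix in the thread: the mbamservice process was whitelisted.
AV_ALLOWLIST = frozenset({
    r"c:\program files\malwarebytes anti-malware\mbamservice.exe",
})


@dataclass
class Process:
    name: str
    image_path: str
    memory: bytes  # constructed snapshot of the process address space


def find_hits(memory: bytes) -> list:
    """Return (signature_name, offset) for every occurrence of a signature in memory."""
    hits = []
    for sig_name, pattern in SIGNATURES.items():
        off = memory.find(pattern)
        while off != -1:
            hits.append((sig_name, off))
            off = memory.find(pattern, off + 1)
    return hits


def verdict(proc: Process, allowlist=frozenset()) -> str:
    """'Allowed' for allow-listed processes, 'Killed [<sig>]' on a hit, else 'Clean'."""
    if proc.image_path.lower() in allowlist:
        return "Allowed"
    hits = find_hits(proc.memory)
    return "Killed [%s]" % hits[0][0] if hits else "Clean"


def build_sample_processes() -> list:
    zeus = SIGNATURES["Tr.Zeus"]
    # An AV service that holds its own signature database in memory contains the
    # very bytes the other scanner looks for; that is what produced the false positive.
    av_db = b"MBAM-DB-v1\x00" + zeus + b"\x00" + b"other-sig-bytes" * 4
    av = Process("mbamservice.exe",
                 r"C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe",
                 b"\x00" * 64 + av_db + b"\x00" * 64)
    # A genuinely affected process carries the pattern inside its code, not a database.
    hit = Process("sample_infected.exe", r"C:\Temp\sample_infected.exe",
                  b"\x90" * 32 + zeus + b"\xc3" + b"\x90" * 32)
    clean = Process("notepad.exe", r"C:\Windows\System32\notepad.exe", b"\x90" * 128)
    return [av, hit, clean]


def run_scan(allowlist=frozenset()) -> dict:
    """Map each sample process name to its verdict under the given allow-list."""
    return {p.name: verdict(p, allowlist) for p in build_sample_processes()}


if __name__ == "__main__":
    print("without allow-list:", run_scan())
    print("with allow-list:   ", run_scan(AV_ALLOWLIST))
```

A path-keyed allow-list is only as strong as the path check; a production engine would tie the exclusion to the image's verified signer rather than its location.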

sprintman
« Reply #6 on: December 12, 2014, 12:37:54 am »
Nice!!