Re:ReTrojan Horse Generic12.BGEI and infected msconfig

Discussion in 'Malware Help (A Specialist Will Reply)' started by mishkadar, Feb 19, 2009.

  1. mishkadar

    mishkadar Private E-2

    Hi ... I'm watching the original thread on this subject (#181644), started by MayBee, very closely. Unfortunately, for some reason I'm blocked from contributing posts to it, even though I have some notes.
    First, I'm getting the very same, completely identical MBAM log report content as MayBee. And here's the thing: the locations that the MBAM log reports as hosting infected entries are not real folders but JUNCTIONs (I'm running VISTA).

    For example the following line from MBAM-log:
    C:\Users\Default\Cookies\MM2048.DAT (Trojan.Agent) -> No action taken.

    The "C:\Users\Default\Cookies\" folder is not accessible. Listing the content of "C:\Users\Default\" from the command prompt shows the following for this /Cookies/ location:
    02/11/2006 08:02 AM <JUNCTION> Cookies [E:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

    So actually these so-called "folders" are completely empty .... but here's the really weird thing (at least on my machine) ... "E:/" on my toy is the DVD drive ... so I'm actually kinda shocked ... where & why the hell does this junction point there ...
    Any ideas?
    Thx.
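    Defender-side triage of the junction situation described in this post, as an added example (not the poster's own tooling, and not how MBAM itself works): it parses constructed copies of the `dir` line and the MBAM log line quoted above, rewrites each reported path through the junction to its real target, and flags detections whose resolved target sits on the drive letter the poster identifies as the DVD drive. The `E:` optical-drive letter, the sample lines and the path handling are assumptions; on a live system you would feed it real `dir /a` output and the real log.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples modelled on the lines quoted in the thread (not real scan data).
DIR_LISTING = """\
02/11/2006  08:02 AM    <JUNCTION>     Cookies [E:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Cookies]
02/11/2006  08:02 AM    <DIR>          AppData
"""
MBAM_LOG = """\
C:\\Users\\Default\\Cookies\\MM2048.DAT (Trojan.Agent) -> No action taken.
C:\\Users\\Default\\AppData\\Roaming\\sample.exe (Trojan.Agent) -> No action taken.
"""

# `dir` prints a junction as:  <JUNCTION>  Name [Target]
JUNCTION_RE = re.compile(r"<JUNCTION>\s+(?P<name>\S+) \[(?P<target>[^\]]+)\]")
# MBAM log lines look like:  <path> (<detection>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^ (]+) \((?P<detect>[^)]+)\)")

def parse_junctions(listing: str, base: str) -> Dict[str, str]:
    """Map lower-cased '<base>\\<name>' -> junction target for each <JUNCTION> line."""
    out = {}
    for line in listing.splitlines():
        m = JUNCTION_RE.search(line)
        if m:
            out[(base.rstrip("\\") + "\\" + m["name"]).lower()] = m["target"]
    return out

def resolve(path: str, junctions: Dict[str, str]) -> str:
    """Rewrite the longest junction prefix of `path` to the junction's real target."""
    low = path.lower()
    for link in sorted(junctions, key=len, reverse=True):
        if low == link or low.startswith(link + "\\"):
            return junctions[link] + path[len(link):]
    return path

def triage(log: str, junctions: Dict[str, str],
           optical_drives=("E:",)) -> List[Tuple[str, str, str, str]]:
    """Return (reported path, detection, resolved path, verdict) per MBAM log entry."""
    rows = []
    for line in log.splitlines():
        m = MBAM_RE.match(line)
        if not m:
            continue
        real = resolve(m["path"], junctions)
        if real[:2].upper() in optical_drives:
            verdict = "suspect false positive: junction target is on an optical drive"
        elif real != m["path"]:
            verdict = "reached via junction: inspect the target path"
        else:
            verdict = "direct path"
        rows.append((m["path"], m["detect"], real, verdict))
    return rows
```

A detection that resolves to an empty optical drive cannot be a file on disk, which is the contradiction the poster is pointing at; the verdict column separates those from hits on real paths that still need looking at.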
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    This is the first we have seen of this, and at this point we do not know if it is a problem with an update in MBAM or what.
     
  3. mishkadar

    mishkadar Private E-2

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    Hi again & thanks for the feedback.

    I'm not completely following you on this one ...
    I see that MayBee succeeded in deleting those JUNCTIONS ... notice again these are not FOLDERS but JUNCTIONS, and are hidden by default as SYSTEM-owned entries ... it's something like links in Linux.

    I'm not sure if deleting those JUNCTIONS is the key to the solution, especially when the actual containers they point at on my machine are on the DVD drive ... thus no wonder those entries cannot be deleted by a reboot.

    But while the last fact is quite explainable, it's really beyond me how MBAM detects infection/malware within those junctions, which point to a DVD drive that is EMPTY during the scan. Something is weird here, because we (MayBee and I) get/got 100% exactly the same MBAM-LOG content.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    What she ended up doing was to delete as much as she could under the users\default setting, which seemed to work for her. Did you recheck that thread?
     
  5. mishkadar

    mishkadar Private E-2

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    Hi...
    Sure... like I posted
    but I'm trying to dig for the reason MBAM detects infection at locations that don't exist, which is kinda not FEASIBLE .... so like I posted previously: it's really beyond me how/why MBAM detects infection/malware within those junctions, which point to a DVD drive that is EMPTY during the scan.
    So the JUNCTIONS are absolutely 0 size by VISTA design, and there was no DVD disk in the drive during the scan.... wondering how MBAM detects/associates/accumulates an infection list of 65 files which are obviously NOT THERE IN ANY CASE. Any ideas?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    Not a clue at this point..... but you could post at the MBAM forum and ask, as they are good at responding to false positives. No one is yet sure how some drivers respond in Vista.
     
  7. mishkadar

    mishkadar Private E-2

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    Heh..
    Well, they had a pretty similar issue a few months ago ... unfortunately it hasn't been resolved.... back then they promised to resolve it with the upcoming version... 3-4 versions since ...

    BTW ... thx for the attention & effort
     
  8. mishkadar

    mishkadar Private E-2

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    Just updated the DB version from 1778 to 1800 ... so I have
    v1.34 with DB 1800 and ... scan performed and ...
    Surprise, surprise, the issue has vanished ... yeah, just like that ... it's gone in vain .... the same way it appeared.... MBAM-log is clean.

    I checked the content of the /Default folder from the command line console ... well, those weirdo JUNCTIONS (pointing to the E:// DVD drive) are there but ... at least MBAM this time is aware that those are pointers to a black hole ...

    Have I said the whole thing is WEIRD ;-)?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: ReTrojan Horse Generic12.BGEI and infected msconfig

    Weird? I think you may have mentioned it. :)
     
