1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Webroot has to block Mom.exe every 10 seconds

Discussion in 'Malware and Virus Removal Archive' started by patrice3, 2010/08/23.

  1. 2010/08/23
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    [Resolved] Webroot has to block Mom.exe every 10 seconds

    Hello,

    I am a beginner and need your help. My computer is being bombarded by a request re "Mom.exe." My Webroot Anitvirus throws up a firewall alert every 10 seconds. The message says, "mom.exe is the parent of a process that is communicating. Do you want this process to be an allowed parent?" My options are to "allow ", "block" and "do not show this message again ". Nothing happens when I select [block] or [don't show message again]. No kidding! And it has been happening since midday. Could it be related to Skype in any way? The minute I finished downloading and using Skype for the first time, this message started popping up. By the way, the last time I got an attack from Mom.exe, 2 months ago, I had to buy a new computer. Microsoft and Webroot romote work didn't the problem then. And a Webroot sweep didn't work today. My first instinct is to uninstall Skype but it's such a great program and I need it in my work. I am having difficulty even posting this message. Nothing seems to be working so far. Arrgh! Help. Thanks.
     
    patrice3,
    #1
  2. 2010/08/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Restart computer in Safe Mode with Networking.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    • * Double-click on the Rkill desktop icon to run the tool.
      * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
      * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      * If not, delete the file, then download and use the one provided in Link 2.
      * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      * Do not reboot until instructed.
      * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    • * Please download exeHelper from Raktor to your desktop.
      * Double-click on exeHelper.com to run the fix.
      * A black window should pop up, press any key to close once the fix is completed.
      * A log file named log.txt will be created in the directory where you ran exeHelper.com
      * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file ", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ===============================================================

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #2


  3. to hide this advert.

  4. 2010/08/24
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    Reply to BRoni on Mom.Exe Problem

    Thanks BRoni. Will do this and let you know the results.
     
    patrice3,
    #3
  5. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
    broni,
    #4
  6. 2010/08/24
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    Mom.Exe/webroot next step to BRoni

    Hi BRoni or anyone else,
    Here is what I have do so far. Am now stuck.

    (A) I now have Combofix on my desktop but when I run it, I get an error message

    "win32 only - incompatible OS. Combofix only work for workstations with windows 2000 and XP. "

    I cant find a Windows 7 version on Bleeping Computers. Where can I find a safe version for windows 7, or should I be doing something about "win32" instead?

    (B) I've tried everything I know to disable my bleepingly sophisticated viruskiller Webroot without success. I told Webroot to "allow everything from the Internet" but it still promises to zap everything coming in. Right!! I would like to uninstalling Webroot so in the event I get Combofix, I can run it free and clear. Is that smart?

    Thanks for your patience
     
    patrice3,
    #5
  7. 2010/08/24
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    Sorry forgot to post the 1st log for mom.exe

    exeHelper by Raktor
    Build 20100414
    Run at 09:21:52 on 08/24/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
     
    patrice3,
    #6
  8. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you running Windows 7 64-bit?
     
    broni,
    #7
  9. 2010/08/24
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    Mom.exe

    Yes it Windows 7, 64-bit
     
    patrice3,
    #8
  10. 2010/08/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, Combofix won't work on 64-bit.

    See, if this will work....

    Run rKill first, then....

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #9
  11. 2010/08/26
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    Fix for Mom.exe/Webroot continued

    Hello BRoni

    Thanks for your help. I disabled the antivirus shield and sweep functions in Webroot as well as Windows firewall and then did the Malwarebytes approach.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4483

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    8/26/2010 9:59:56 AM
    mbam-log-2010-08-26 (09-59-56).txt

    Scan type: Quick scan
    Objects scanned: 132560
    Time elapsed: 3 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Following are GMER Results. First an error message?

    C:/Windows/system32/config/system: The process cannot access the file because it's being used by another process.

    Didn't know what the message meant but found I hadn't disabled webroot firewall so I did that and ran GMER again.

    Result of Scan: GMER hasn't found any system modification.

    If you think I need to do the whole process again because I had the firewall up, I will be happy to do so.

    Following are MBR Results


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: Aspire 7551
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 135):
    0x02008000 \SystemRoot\system32\ntoskrnl.exe
    0x025E4000 \SystemRoot\system32\hal.dll
    0x00BD1000 \SystemRoot\system32\kdcom.dll
    0x00C02000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C0F000 \SystemRoot\system32\PSHED.dll
    0x00C23000 \SystemRoot\system32\CLFS.SYS
    0x00C81000 \SystemRoot\system32\CI.dll
    0x00D41000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DE5000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EB9000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F10000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F19000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F23000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F56000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F63000 \SystemRoot\System32\drivers\partmgr.sys
    0x00F78000 \SystemRoot\system32\DRIVERS\ssfs0bbc.sys
    0x00F85000 \SystemRoot\system32\DRIVERS\ssidrv.sys
    0x00FA9000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FB2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FBE000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E8D000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00FD3000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E96000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x00EA1000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0101B000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01067000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0123C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0107B000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013DF000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x010D9000 \SystemRoot\System32\Drivers\cng.sys
    0x01200000 \SystemRoot\System32\drivers\pcw.sys
    0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01462000 \SystemRoot\system32\drivers\ndis.sys
    0x01554000 \SystemRoot\system32\drivers\NETIO.SYS
    0x015B4000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01602000 \SystemRoot\System32\drivers\tcpip.sys
    0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0114C000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01198000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015DF000 \SystemRoot\System32\Drivers\mup.sys
    0x015F1000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x018A2000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x018DC000 \SystemRoot\system32\DRIVERS\disk.sys
    0x018F2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01922000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x01962000 \SystemRoot\System32\Drivers\Null.SYS
    0x0196B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01972000 \SystemRoot\System32\drivers\vga.sys
    0x01980000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x019A5000 \SystemRoot\System32\drivers\watchdog.sys
    0x019B5000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x019BE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x019C9000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x019DA000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01800000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0180D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02283000 \SystemRoot\system32\drivers\afd.sys
    0x0230D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02316000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x0233C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02352000 \SystemRoot\system32\DRIVERS\pwipf6.sys
    0x02389000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02398000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x023E9000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02200000 \SystemRoot\System32\Drivers\dfsc.sys
    0x0221E000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x02244000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0283B000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
    0x02C36000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x02E5A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x02E67000 \??\C:\Windows\system32\drivers\UBHelper.sys
    0x02E6F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02E99000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
    0x02EA1000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x02EAC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x02F02000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x02F0F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x02F20000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x02F3E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x02F4D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0x02F9C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x02FAB000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x02FB4000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x02FC5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x02FD5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02FE0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02C24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0288C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x028BB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x028D6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x028F7000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x02911000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02C30000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x02925000 \SystemRoot\system32\DRIVERS\ks.sys
    0x02968000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0297A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x029D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x029E9000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02800000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x0280C000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x02817000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x01852000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x02C32000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0282A000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x02268000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x0186F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x02FF6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x02276000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x000C0000 \SystemRoot\System32\win32k.sys
    0x01888000 \SystemRoot\System32\drivers\Dxapi.sys
    0x004B0000 \SystemRoot\System32\drivers\dxg.sys
    0x00680000 \SystemRoot\System32\TSDDD.dll
    0x00930000 \SystemRoot\System32\framebuf.dll
    0x0192A000 \SystemRoot\system32\drivers\WudfPf.sys
    0x03817000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0386A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0387D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0389B000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x038B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x038E0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0392E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03951000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0396C000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x77A10000 \Windows\System32\ntdll.dll
    0x475D0000 \Windows\System32\smss.exe
    0xFFD30000 \Windows\System32\apisetschema.dll
    0xFF890000 \Windows\System32\autochk.exe
    0xFFCD0000 \Windows\System32\Wldap32.dll
    0xFFCB0000 \Windows\System32\sechost.dll
    0xFFAA0000 \Windows\System32\ole32.dll

    Processes (total 30):
    0 System Idle Process
    4 System
    252 C:\Windows\System32\smss.exe
    336 csrss.exe
    372 C:\Windows\System32\wininit.exe
    384 csrss.exe
    440 C:\Windows\System32\services.exe
    448 C:\Windows\System32\lsass.exe
    456 C:\Windows\System32\lsm.exe
    472 C:\Windows\System32\winlogon.exe
    576 C:\Windows\System32\svchost.exe
    640 C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
    684 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    812 C:\Windows\System32\svchost.exe
    876 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    700 C:\Windows\System32\svchost.exe
    1156 C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
    1660 C:\Windows\explorer.exe
    1704 C:\Windows\System32\ctfmon.exe
    1752 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    860 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    1944 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\svchost.exe
    1220 C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
    1476 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    904 C:\Users\faith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJHQ7P1E\MBRCheck[1].exe
    1804 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`32d00000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60F
    PhysicalDrive1 Model Number: SAMSUNGHM500LI, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Is the MBR Code thingy a malware and do I need to zap it with something?
    Thanks a million. Ok will come out of safe mode and let you know how it's working. Oh BTW. Webroot told me go ahead and allow mom.exe whenever it pops up because it's my
     
    patrice3,
    #10
  12. 2010/08/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    mom.exe is actually a part of ATI Catalyst Control Panel software. A legit file.

    Do you have any other issues, which make you to believe, your computer may be infected?
     
    broni,
    #11
  13. 2010/08/27
    patrice3

    patrice3 Inactive Thread Starter

    Joined:
    2010/08/23
    Messages:
    7
    Likes Received:
    0
    Hi Broni,

    Wow didn't know legit files behaved like they needed meds too. The instructions you gave me worked. Whatever you gave me stopped the Webroot/Mom.exe standoff that had held my computer hostage. I don't have to work in safemode and I can type and I can actually see the whole screen!! I am forever your servant. Thank you.
     
    patrice3,
    #12
  14. 2010/08/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm glad to see your computer being back to normal :)
     
    broni,
    #13

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...