cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

8.7i: deleted all .exe that MalwareBytes (mbam) was scanning

I just did an update to mbam followed by a quick scan and VirusScan 8.7 (p2) deleted all .exe files in c:\windows\SysWOW64 that mbam scanned.  It thought they were the dx trojan.  I assume there is no problem with mbam since I used it last year to get rid of an "antivirus 2009" that McAfee could not delete and all I did was update to their latest database.  I stopped the mbam scan so not all .exe's were deleted, just ones in alphabetical order from "1033b.exe" thru "APOMngrg.exe"

Is this a case of "false positives"?

The system seems to be working fine even though most of the files starting with "A" have been deleted from SysWOW64.  Can I find them somewere and restore them?

I was unable to upload a picture of the problem from my computer thru the McAfee upload interface.  I was able to ftp the picture to my web site and upload it from there.  Is this a known problem with the McAfee pic upload interface?  Thanks for looking!

I ran some tests.

To start off, I following the following instructions on adding mbam support to McAfee
Basic Procedures to correct disappearing programs


I then brought up the mcafee quarantine manager and un-quaranteened (restored to syswow64) accessibilitycplw.exe. I then ran a McAfee scan on c:\system\syswow64 and accessibilitycplw.exe was reported as a dx trojan and re-quaranteened. None of the other 100+ exes in the syswow64 directory had a problem, just that one I pulled out of the quarantine. I then restored another, accessibilitycpls.exe, went to the command prompt and changed to c:\system\syswow64 and copied "write.exe" and "accessibilitycpls.exe" to a new subdirectory I created, "c:\scanx". The executable "write.exe" was copied, but not accessibilitycpls.exe. It was re-quaranteened.

I then brought up MalwareBytes and scanned c:\scanx and it scanned "write.exe" just fine and McAfee did not find anything wrong after the scan completed.
I then brought McAfee back up and un-did all the changes that were recommended in that link above and then scanned c:\scanx. There was no problem.

I cannot account for why the first "quick scan" after the update to mbam created all those trojans (if indeed it did). The fact that that McAfee stopped reporting trojans the instant I stopped the mbam scan is suspicious. However, running mbam again just a few minutes ago on the directory c:\scanx did not cause any trojans to appear in the executable "write.exe"

I am looking for another vista64 system so I can restore those files. I will try that sfc /scannow and then reboot with my fingers crossed.

http://stateson.net/images/mbam_problem2.png

Message was edited to add results of some test I ran after reading some suggestions at the MalwareBytes forum. on 9/30/10 2:13:18 AM CDT
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community