Have got Vista.
Got told that I had a MBR 3 weeks ago, got charged £45 to get rid of it and re-install my OS.
Last week AVG found I had trojans and rootkits on, so went back to shop; he said comp full of them. Only paid £15 and he just wiped my hard drive and I re-installed it myself. I assume my OS disk was okay.

Put AVG 9 and Malwarebytes on; Malwarebytes made my hard drive make a funny noise, so removed it. Everything okay till ran rootkit scan and it found one.

Kept off sites that are dodgy, only been on Justin.tv watching sports.

AVG says I have "C:\Windows\system32\drivers\mbamswissarmy.sys";"Hidden driver";"Object is hidden" and asks me if I really want to delete it, do I deleted it

Don't want to spend any more money getting it fixed, so any help would be appreciated. Don't mind paying small amount, am sick to death of it.

Hi and welcome to the Daniweb forums :).

==========

C:\Windows\system32\drivers\mbamswissarmy.sys

Entry is from Malwarebytes Anti-Malware :).

Does that mean it's okay or that I got it from downloading Malwarebytes?

a-squared cleaner also found this:

ID  Object
0   C:\Users\Chris4433\Downloads\SetupCasino.exe__en.exe  Trojan.OnlineBank!IK

which I quarantined.

Can someone help me out, please?

That C:\Windows\system32\drivers\mbamswissarmy.sys is a NORMAL file from MBA-M, not a rootkit; it is the Malwarebytes' Anti-Malware system driver file and in no way a threat to your system. You must have incorrectly uninstalled MBA-M. Since the rest of the program couldn't be found, it is in all likelihood why AVG flagged the file.

It would really help if we could see some logs here; otherwise this is like trying to walk through an unknown building in the dark: we don't know what to look for or why we keep hitting walls.

The file found by aSquared

C:\Users\Chris4433\Downloads\SetupCasino.exe__en.exe Trojan.OnlineBank!IK

was downloaded by somebody using the computer.

Sorry crunchie, didn't see you there.

No worries. Nice to have back-up :)
