Mingraye

  1. The CLI I use for AWS Route 53 is now being marked as Generic Malware/Suspicious (Type Malware) https://github.com/barnybug/cli53/releases/tag/0.8.17 Windows version: https://github.com/barnybug/cli53/releases/download/0.8.17/cli53-windows-386.exe
  2. Here's the log:
     Malwarebytes Anti-Malware (PRO) 1.65.1.1000
     www.malwarebytes.org
     Database version: v2012.12.09.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Novograye :: NOVOGRAYE-PC [limited]
     Protection: Enabled
     12/9/2012 7:18:23 PM
     mbam-log-2012-12-09 (19-20-01).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 160080
     Time elapsed: 1 minute(s), 33 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 1
     C:\Users\Novograye\Downloads\wampserver2.2e-php5.4.3-httpd2.2.22-mysql5.5.24-32b.exe (Trojan.Agent) -> No action taken. [0f3a8c50461795a1a3f2ea4403fdbe42]
     (end)
  3. Hmm... file did not attach for some reason. Too big? It's 26 MB. Downloaded via the WAMP page 32-bit & PHP 5.4 2.2E.
  4. Malwarebytes marked the WAMP installer as a trojan today. False positive?
     Malwarebytes Anti-Malware (PRO) 1.65.1.1000
     www.malwarebytes.org
     Database version: v2012.12.09.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Novograye :: NOVOGRAYE-PC [limited]
     Protection: Enabled
     12/8/2012 9:57:47 PM
     mbam-log-2012-12-08 (21-57-47).txt
     Scan type: Custom scan (C:\Users\Novograye\Downloads\wampserver2.2e-php5.4.3-httpd2.2.22-mysql5.5.24-32b.exe|)
     Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
     Objects scanned: 1
     Time elapsed: 1 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 1
     C:\Users\Novograye\Downloads\wampserver2.2e-php5.4.3-httpd2.2.22-mysql5.5.24-32b.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     (end)
  5. Malwarebytes said it found a trojan from what I believe is an Nvidia update. Did a custom scan on the file and logged the results below. File attached.
     Malwarebytes Anti-Malware (PRO) 1.65.1.1000
     www.malwarebytes.org
     Database version: v2012.12.05.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Novograye :: NOVOGRAYE-PC [limited]
     Protection: Enabled
     12/4/2012 9:00:01 PM
     mbam-log-2012-12-04 (21-00-01).txt
     Scan type: Custom scan (C:\ProgramData\NVIDIA\Updatus\Packages\00001e30\updatus.14522386_RUNASUSER.exe|)
     Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
     Objects scanned: 1
     Time elapsed: 1 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 1
     C:\ProgramData\NVIDIA\Updatus\Packages\00001e30\updatus.14522386_RUNASUSER.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     (end)
     updatus.14522386_RUNASUSER.exe.zip
  6. Arg, wrong log.
     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.22.11
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Lingraye :: LINGRAYE-PC [limited]
     Protection: Enabled
     7/22/2012 6:29:08 PM
     mbam-log-2012-07-22 (18-29-08).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 91672
     Time elapsed: 26 minute(s), 6 second(s) [aborted]
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 1
     C:\Windows\Installer\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}\python_icon.exe (Spyware.Zbot.OUT) -> Delete on reboot.
     (end)
  7. Hmm... log didn't attach.
     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.22.11
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Lingraye :: MINGRAYE-PC [limited]
     Protection: Enabled
     7/22/2012 6:59:51 PM
     mbam-log-2012-07-22 (18-59-51).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 27720
     Time elapsed: 3 minute(s), 3 second(s) [aborted]
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  8. Malwarebytes marked this as bad. Checked it on VirusTotal and it said it was fine. False positive?
     python_icon.rar