flashed

  1. Hello, A full scan flagged DeltaC.exe as Spyware.PasswordStealer this morning. It's part of an install of DeltaCopy which was bundled with Unreal Engine. The timestamps on the file and its neighbors are from the date of install in June of 2020. VirusTotal says this file was first scanned in 2009, and what I was able to find online says that Unreal Engine uses a very old version of DeltaCopy, so it seems as though this file has not been modified on my machine since installation, unless whatever was installed last year was replaced by this version from 2009, but it seems like that's not ver
  2. Hi Kevin, Here are the final results. Everything is reported as clean, apparently. Did anyone you talked to have any ideas for the weirdness we were seeing? finalMB.txt Addition.txt FRST.txt
  3. Quarantined the file, rebooted normally, threat scan made it through the Memory Objects without any detections. I'm going to let the threat scan finish and then do a full scan again. It'll take a couple hours. Thanks Kevin, is there anything else you recommend? Is there a way to find out just when this infection occurred? Also, I'm still curious about how a dll can be patched without its MD5 being altered; I thought the whole point of the MD5 was to reveal any discrepancies at all between files. The modified date was still 2009 as well, but I imagine that's trivial to leave unchanged.
  4. MB gives me an option to quarantine, create an exception (or maybe it's exemption?), or ignore. I do not see a replace option. Should I just go ahead with the quarantine? My understanding is that if no replacement is made, then Windows will fail to start.
  5. I'm starting to think that, just to be safe, I should just try replacing the file and rerunning the scan.
  6. Thanks Kevin, Here's the log:
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 4/28/2015
     Scan Time: 2:39:42 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.4.1028
     Malware Database: v2015.04.28.07
     Rootkit Database: v2015.04.21.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 7
     CPU: x86
     File System: NTFS
     User: ***
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 384923
     Time Elapsed: 19 min, 58 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Warn
     PUM: Warn
     Processes
  7. Rebooted, reran SystemLook before reconnecting my network cable just in case. MD5 for the System32 file was still the same. Connected to the network, ran MB as admin, checked for updates, none found, ran threat scan. MB marked the System32 file as a detected object again. Threat scan is still running, will post when finished. Out of curiosity, can you link to that other thread?
  8. I was curious about that as well. My best guess is that it's because I ignored the detection. Does MB not report an item as malicious if the user ignores instead of quarantines the file?
  9. And here is the SystemLook log. The file on the desktop is a clean one (at least, it should be clean) copied from the winsxs directory, as is the one in New folder (3)\baseQFE. As you can see, the MD5 values are identical to the System32 copy, which was reported by MB as infected. They are also identical to the one in New folder (3)\sys32_comp, which is a copy of the one in System32. The only unique file here is the final entry, also in the winsxs directory. It is not flagged as infected; the only instance out of all these files that is ever flagged is the one in System32, even though I ma
  10. Here are the requested logs from Farbar. Will run SystemLook next. I think I should also mention that I copied the "infected" rpcss.dll to another folder on my desktop to compare MD5 values. While running another full system (and rootkit) scan, the copied file was not flagged, only the one in System32. FRST.txt Addition.txt
  11. Hello, During a quick scan, MB identified C:\Windows\System32\rpcss.dll as Trojan.Zekos.Patched732SP0. This occurred during the "Memory Objects" portion of the scan. The scan log is:
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 4/27/2015
     Scan Time: 9:46:51 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.4.1028
     Malware Database: v2015.04.27.05
     Rootkit Database: v2015.04.21.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled
     OS: Windows 7
     CPU: x86
     File System: NTFS
     User: Pixelsmith
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 38
  12. That's a rather comprehensive list of antimalware software. In fact, the only one I've heard of that isn't on there is MB. Why is that? But if they say it's good, then I guess I can relax. Thanks MrC, I appreciate it.