Posts posted by mkb
-
I restored it from the quarantine then went to its location and zipped it for you. Here it is.
-
I originally posted this in the General forum. An admin suggested I post it here because it might be a false positive.
I ran MBAM today twice. The first time was Chameleon. It found this file and flagged it as a trojan:
C:\Users\michael\AppData\Local\Temp\yupdate-exec-yabrowser.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
After reboot, I ran an MBAM full-scan and it found this file and flagged it as a trojan also:
C:\Users\michael\AppData\Local\Yandex\Updater\yupdate-exec.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
I would post the logs using Developer mode except that I already let MBAM delete the "trojans" and now my system is clean. I'm not sure if a developer mode log would help since the "trojans" are gone. Here are the logs (not developer mode), starting with the first scan (Chameleon) and then the full-scan that I ran after rebooting (the full scan found an additional file that Chameleon didn't pick up):
FIRST SCAN (CHAMELEON):
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.03.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
michael :: MICHAEL-PC [administrator]
11/3/2012 3:46:56 PM
mbam-log-2012-11-03 (15-46-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199156
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\michael\AppData\Local\Temp\yupdate-exec-yabrowser.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
(end)
_________________________________
SECOND SCAN (FULL):
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.03.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
michael :: MICHAEL-PC [administrator]
11/3/2012 4:25:57 PM
mbam-log-2012-11-03 (16-25-57).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358614
Time elapsed: 38 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\michael\AppData\Local\Yandex\Updater\yupdate-exec.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
(end)
-
This may be a false positive. Can you please make a post in the false positive forum? Instructions are in the forum.
I will do that now. Thanks.
-
UPDATE: after running the full scan it then found this:
C:\Users\michael\AppData\Local\Yandex\Updater\yupdate-exec.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
After rebooting I removed the Yandex browser to be safe. Then rebooted. Then ran MBAM Chameleon once more and it came up clean, so I proceeded to do my backup.
Would really like to use Yandex browser as long as it is not a trojan but a legitimate process.
Here's the log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.03.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
michael :: MICHAEL-PC [administrator]
11/3/2012 4:25:57 PM
mbam-log-2012-11-03 (16-25-57).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358614
Time elapsed: 38 minute(s), 26 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\michael\AppData\Local\Yandex\Updater\yupdate-exec.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
(end)
-
I ran an MBAM scan today before I did my backup, which I always do. It flagged a file in the temp directory (Windows 7 x64) as being a trojan. The file's name is "yupdate-exec-yabrowser.exe".
I let MBAM delete it and reboot my PC.
The exe seems to be part of Yandex Web Browser which I installed several weeks ago. I'm not sure if it was supposed to be flagged as a trojan or not? Maybe someone here on the forums can enlighten me?
I'm running a full-scan now (after Chameleon was run and removed the trojan) just to be extra safe. Then I plan on removing the Yandex browser as a precaution.
Any help would be appreciated as I would really like to use the Yandex browser. I've attached the log file showing the file's name and that it was successfully deleted by MBAM.
mbam-log-2012-11-03 (15-46-56).txt
MBAM scan says that yupdate-exec-yabrowser.exe is a trojan--seems to be a Yandex browser exe so not sure if trojan
in File Detections
I replied to my original post with the zip file; see the reply to get the file. Thanks.