
Einstein

Experts
  • Posts: 138

Everything posted by Einstein

  1. Rest in peace Matt :'(

  2. nosirrah, anything new on it? IRPF is quite popular in Brazil, installed on millions of machines. I think it's good to fix it ASAP. If you want, I can try to install it and generate the developers log.
  3. Yeah, I know, but for me it's impossible to create this log on the user's machine. I saw it in a log on a forum: http://forum.clubedohardware.com.br/showpo...amp;postcount=1
  4. I don't have the files here, but MBAM is flagging some legitimate files belonging to IRPF, the Brazilian IRS:
      C:\Arquivos de programas\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Arquivos de programas\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Arquivos de programas\Programas SRF\IRPF2004\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      D:\Backup\Arquivos de programas\Programas SRF\IRPF2003\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      D:\Backup\Arquivos de programas\Programas SRF\IRPF2004\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      D:\Backup\Arquivos de programas\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
      D:\Backup\Arquivos de programas\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     You can download the latest version of the program here: http://www.receita.fazenda.gov.br/PessoaFi...d-programas.htm
  5. Congratulations Malwarebytes and Merijn!!!!
  6. Hello guys, I reported this false positive to the PDM Team of Kaspersky, because it is a generic detection of the heuristic. I installed MBAM a few minutes ago and nothing was detected here (using KAV 2010). If the detection still persists, please warn me.
  7. Congratulations to the whole team for this great effort!
  8. Sorry, I'll do it in the next report. Thanks a lot!
  9. It's true. In the first log, these entries are from GBPlugin, used by the Brazilian bank Unibanco. These are the legitimate files of this plugin:
      gbiehuni.dll
      Tamanho: 368640 bytes
      MD5: 7b175796380360b0ae0d020c330f2045
      C:\Arquivos de programas\GbPlugin\gbiehuni.dll

      uni.gpc
      Tamanho: 33312 bytes
      MD5: 6833c0cd3ace03108d957313b9e00408
      C:\Arquivos de programas\GbPlugin\uni.gpc

      O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
      O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
      O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

     ----------

     In the second log, these entries are legitimate too. They belong to the internet banking plugin of Caixa. These are the legitimate files of this plugin:
      cef.gpc
      Tamanho: 64431 bytes
      MD5: 1D224338D4BB9A5B15D46496BBD5056D
      C:\Arquivos de programas\GbPlugin\cef.gpc

      gbiehcef.dll
      Tamanho: 366672 bytes
      MD5: 285176E4BC7D6778D9740E69BC584302
      C:\Arquivos de programas\GbPlugin\gbiehcef.dll

      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
      O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

     Marcin/Bruce, please review this false positive.
  10. GT500: Brazilian users have reported the same freezing in full scans: http://www.linhadefensiva.org/forum/index....showtopic=89105 The topic you refer to only works with version 1.32, not with 1.33. If you try what is described in the topic, this message appears: "The database that you're using its not supported in this version. Download and install the lastest version"
  11. Happy New Year to all members and visitors of Malwarebytes!
  12. And this is the detected file: domino.exe password: mbam Best Regards,
  13. Hello guys, a user from our board reported a probable false positive from MBAM: http://www.linhadefensiva.org/forum/index....opic=84188& The file:
      C:\WINDOWS\domino.exe (Worm.Anilogo) -> Quarantined and deleted successfully.
      C:\Arquivos de programas\Vimicro\VM301B\Driver AutoInstall\Driver Files\Domino.exe (Worm.Anilogo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Kadu e Lari\Meus documentos\Geral\Webcam WB-C05(2)\Webcam WB-C05\Driver\Domino.exe (Worm.Anilogo) -> Quarantined and deleted successfully.
     This file is from a driver of a WB-C05 webcam. Could it be a false positive? Best regards,
  14. Installed without problems. I ran a fast scan on Windows Vista and this is the result:
  15. Congratulations to Marcin and all MalwareBytes community!
  16. File located in the System32 folder of a Windows XP Service Pack 3 computer. I'm using MBAM 1.17. VirusTotal analysis: http://www.virustotal.com/analisis/d30d024...da0772c811b129f File attached.
  17. File located in the System32 folder of a Windows XP Service Pack 3 computer. I'm using MBAM 1.17. VirusTotal analysis: http://www.virustotal.com/analisis/e46e957...0e87664dda74198 File attached.
  18. It's all right here with this new version: Malwarebytes' Anti-Malware 1.16Vers
  19. With the fast scan, it's all right here: Malwarebytes' Anti-Malware 1.14Vers
  20. Updated and works very well, removing stolen data: Malwarebytes' Anti-Malware 1.04Vers