Posts posted by Einstein

  1. I don't have the files here, but MBAM is flagging some legitimate files belonging to IRPF, the Brazilian IRS:

    C:\Arquivos de programas\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Arquivos de programas\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Arquivos de programas\Programas SRF\IRPF2004\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Backup\Arquivos de programas\Programas SRF\IRPF2003\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Backup\Arquivos de programas\Programas SRF\IRPF2004\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Backup\Arquivos de programas\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    D:\Backup\Arquivos de programas\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

    You can download the latest version of the program here:

    http://www.receita.fazenda.gov.br/PessoaFi...d-programas.htm

  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uni.gpc (Trojan.Agent) -> No action taken.

    Valores do Registro infectados:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uni.gpc (Trojan.Agent) -> No action taken.

    Arquivos infectados:

    C:\WINDOWS\Downloaded Program Files\uni.gpc (Trojan.Agent) -> No action taken.

    It's true. In the first log, these entries are from GbPlugin, used by the Brazilian bank Unibanco. These are the legit files of this plugin:

    gbiehuni.dll

    Size: 368640 bytes

    MD5: 7b175796380360b0ae0d020c330f2045

    C:\Arquivos de programas\GbPlugin\gbiehuni.dll

    uni.gpc

    Size: 33312 bytes

    MD5: 6833c0cd3ace03108d957313b9e00408

    C:\Arquivos de programas\GbPlugin\uni.gpc

    O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

    O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

    ----------

    Chaves do Registro infectadas:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Not selected for removal.

    HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Not selected for removal.

    In the second log, these entries are also legitimate. They belong to the internet banking plugin of Caixa.

    These are the legit files of this plugin:

    cef.gpc

    Size: 64431 bytes

    MD5: 1D224338D4BB9A5B15D46496BBD5056D

    C:\Arquivos de programas\GbPlugin\cef.gpc

    gbiehcef.dll

    Size: 366672 bytes

    MD5: 285176E4BC7D6778D9740E69BC584302

    C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    Marcin/Bruce, please review this false positive.

    :rolleyes:
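An added example, not code from the post or from Malwarebytes, of the triage the post does by hand: parse an MBAM file-detection line, look the file name up in an allowlist of known-good sizes and MD5s (the GbPlugin values listed above), and hash the file on disk to decide whether the detection is a likely false positive. The `locate` callback and the constructed sample file in `demo()` are assumptions so it runs off a Windows box.

```python
import hashlib, os, re, tempfile
# Known-good GbPlugin components; sizes and MD5s as listed in the post above.
KNOWN_GOOD = {
    "gbiehuni.dll": (368640, "7b175796380360b0ae0d020c330f2045"),
    "uni.gpc": (33312, "6833c0cd3ace03108d957313b9e00408"),
    "cef.gpc": (64431, "1d224338d4bb9a5b15d46496bbd5056d"),
    "gbiehcef.dll": (366672, "285176e4bc7d6778d9740e69bc584302"),
}
# MBAM file-detection line: "<drive path> (<Detection>) -> <action>"
LOG_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^)]+)\) -> (?P<action>.+)$")

def parse_detection(line):
    """Return (path, detection, action), or None for registry and other lines."""
    m = LOG_LINE.match(line.strip())
    return (m.group("path"), m.group("det"), m.group("action")) if m else None

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(line, known_good=KNOWN_GOOD, locate=lambda p: p):
    """Classify one log line; `locate` (assumed) maps the logged path to a local copy."""
    parsed = parse_detection(line)
    if parsed is None:
        return "not-a-file-detection"
    name = parsed[0].rsplit("\\", 1)[-1].lower()
    if name not in known_good:
        return "not-in-allowlist"
    local = locate(parsed[0])
    if not os.path.isfile(local):
        return "file-missing"
    size, md5 = known_good[name]
    if os.path.getsize(local) == size and md5_of(local) == md5.lower():
        return "known-good"      # size and hash match: likely false positive
    return "hash-mismatch"       # same name, different content: keep it quarantined

def demo():
    # Constructed sample: a fake uni.gpc in a temp dir, allowlisted by its own hash.
    p = os.path.join(tempfile.mkdtemp(), "uni.gpc")
    with open(p, "wb") as f:
        f.write(b"constructed sample, not the real plugin")
    kg = {"uni.gpc": (os.path.getsize(p), md5_of(p))}
    line = r"C:\WINDOWS\Downloaded Program Files\uni.gpc (Trojan.Agent) -> No action taken."
    good = triage(line, kg, locate=lambda _: p)
    with open(p, "ab") as f:
        f.write(b"!")            # tamper: one extra byte changes both size and hash
    return good, triage(line, kg, locate=lambda _: p)
```

A name match alone proves nothing; only a size and hash match against a vendor-published value should downgrade a detection to a false positive.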
