Beaker1024

Members
  • Posts: 6

Reputation: 0 Neutral
  1. miekiemoes - Thank you very much! I'll give it a few days and restore the two files. Do a custom scan over those folders and see what happens. Thank you again!!
  2. I can also say that not before, during, or after installing MWBAM did the Laptop exhibit any signs of having issues at all. No crashes, slow downs. No issues installing or using MWBAM or it doing the quarantine. Everything seems 100% perfectly fine with the laptop.
  3. I have turned on the "Trial" of the Premium MalwareBytes Anti-Malware and have both the process and web realtime scanners enabled now and they have found absolutely nothing at all either (along with clean bi-daily custom full/all HDDs scans with everything enabled, root, etc...).
  4. So this was on a laptop using the Free version first scan ever after 4 years of only MSE (realtime + weekly scans). This Laptop isn't used for general web surfing or much of anything at all. As title says found one Trojan file and MWBAM easily quarantined it (no reboot even needed). I've tried to learn more about the Trojan to see how concerned I need to be but no web-searches found anything and I quarantined it before putting it up to VirusTotal. NOTE: I've done tons of FULL scans with MWBAM since then and keep coming up clean. I'm hoping it wasn't a bad one, just kind of like a PUP or something. Here's the log:

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 2/9/2016
     Scan Time: 4:26 PM
     Logfile: 2016-02-09-1626-trojan found.txt
     Administrator: Yes

     Version: 2.2.0.1024
     Malware Database: v2016.02.09.05
     Rootkit Database: v2016.02.08.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: xx

     Scan Type: Custom Scan
     Result: Completed
     Objects Scanned: 592266
     Time Elapsed: 1 hr, 0 min, 33 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     Trojan.Agent, C:\Users\xx\AppData\Local\Temp\.exe, Quarantined, [4861a5b9237684b2b9108dea1fe4ad53],
     Physical Sectors: 0 (No malicious items detected)
     (end)
  5. Here's a copy paste of the log. Sorry it's in the XML format. I did change the username, PC name & IP. The rest I promise is untouched.

     <?xml version="1.0" encoding="UTF-16" ?>
     <mbam-log>
       <header>
         <date>2016/02/10 14:35:32 -0500</date>
         <logfile>mbam-log-2016-02-10 (14-35-32).xml</logfile>
         <isadmin>yes</isadmin>
       </header>
       <engine>
         <version>2.2.0.1024</version>
         <malware-database>v2016.02.10.05</malware-database>
         <rootkit-database>v2016.02.08.01</rootkit-database>
         <license>premium</license>
         <file-protection>enabled</file-protection>
         <web-protection>enabled</web-protection>
         <self-protection>enabled</self-protection>
       </engine>
       <system>
         <hostname>PC</hostname>
         <ip>192.168.1.xx</ip>
         <osversion>Windows 7 Service Pack 1</osversion>
         <arch>x64</arch>
         <username>**Removed**</username>
         <filesys>NTFS</filesys>
       </system>
       <summary>
         <type>threat</type>
         <result>completed</result>
         <objects>9654</objects>
         <time>375</time>
         <processes>0</processes>
         <modules>0</modules>
         <keys>0</keys>
         <values>0</values>
         <datas>0</datas>
         <folders>0</folders>
         <files>2</files>
         <sectors>0</sectors>
       </summary>
       <options>
         <memory>disabled</memory>
         <startup>disabled</startup>
         <filesystem>enabled</filesystem>
         <archives>enabled</archives>
         <rootkits>disabled</rootkits>
         <deeprootkit>disabled</deeprootkit>
         <heuristics>enabled</heuristics>
         <pup>enabled</pup>
         <pum>enabled</pum>
       </options>
       <items>
         <file><path>C:\Windows\SoftwareDistribution\Download\b4cfbeff3736ba2990142a0029960c9e\BIT7B5F.tmp</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>917cea75dabf6cca269594559071aa56</hash></file>
         <file><path>C:\Windows\SoftwareDistribution\Download\d937e328b45ba30759f04fac28b32b5e\BIT61D1.tmp</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>40cdbba43267a4929d1ed7129a679769</hash></file>
       </items>
     </mbam-log>
  6. So for some reason yesterday (after 9 months of paid version scanning daily) I had two "trojan" hits. They are both the same type of file found in: c:\Windows\SoftwareDistribution\Download\bunch_of_letters_and_numbers_folder. The files are both the same size looking like: BIT61D1.tmp. When you open in Notepad they look like normal temp files from MS windows updates being applied. I decided to upload one to "VirusTotal" and got a full clean (all green check marks) even from MalwareBytes. So I believe they are both Temp files created when I "uninstalled" KB3035583 (didn't want the GWX on my one PC). Since these are just Temp files I figured I'd let my local MalwareBytes go ahead and quarantine both of them just because I don't see it hurting anything. I have a screen capture of VirusTotal saying the tmp file is all clean (0/54). I am also uncertain if the Temp files had any personal data in them so I have requested VirusTotal to remove it when possible. Like I said MalwareBytes found 2 of these exact same temp files that I believe were generated by the two times I had to uninstall the same KB Win7 update.
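
A triage sketch for the XML log format posted above, added here as an example (not code from the poster or from Malwarebytes). It parses an mbam-log export, lists the scan options that were disabled, and marks `.Generic` detections on `BIT*.tmp` files under the Windows Update download cache for verification before any restore. The sample log, the triage labels and the rule itself are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample using the element names from the posted log; the folder
# name and hashes are placeholders, not values taken from the post.
SAMPLE = r"""<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<engine><version>2.2.0.1024</version><license>premium</license></engine>
<options><memory>disabled</memory><rootkits>disabled</rootkits><heuristics>enabled</heuristics></options>
<items>
<file><path>C:\Windows\SoftwareDistribution\Download\0000placeholder0000\BIT0001.tmp</path><vendor>Trojan.Agent.Generic</vendor><action>success</action><hash>00000000000000000000000000000001</hash></file>
<file><path>C:\Users\xx\AppData\Local\Temp\sample.exe</path><vendor>Trojan.Agent</vendor><action>success</action><hash>00000000000000000000000000000002</hash></file>
</items>
</mbam-log>""".encode("utf-16")  # exports declare UTF-16, so feed the parser bytes

WU_CACHE = PureWindowsPath(r"C:\Windows\SoftwareDistribution\Download")
BITS_TMP = re.compile(r"^BIT[0-9A-F]+\.tmp$", re.IGNORECASE)  # BITS transfer temp name


def parse_mbam_log(data):
    """Return (disabled_scan_options, detections) from an mbam-log XML document."""
    root = ET.fromstring(data)
    # A scan with memory/rootkit checks off covers less than a full custom scan.
    disabled = sorted(o.tag for o in root.findall("./options/*") if o.text == "disabled")
    detections = []
    for item in root.findall("./items/file"):
        path = PureWindowsPath(item.findtext("path", ""))
        vendor = item.findtext("vendor", "")
        # PureWindowsPath compares case-insensitively, so c:\windows matches too.
        in_cache = WU_CACHE in path.parents and bool(BITS_TMP.match(path.name))
        # Assumed rule: a generic-named hit on an update-cache temp file is a
        # false-positive candidate; keep it quarantined until a second opinion.
        candidate = in_cache and vendor.endswith(".Generic")
        detections.append({
            "path": str(path),
            "vendor": vendor,
            "hash": item.findtext("hash", ""),
            "triage": "verify-before-restore" if candidate else "treat-as-detection",
        })
    return disabled, detections


if __name__ == "__main__":
    disabled, detections = parse_mbam_log(SAMPLE)
    print("disabled scan options:", ", ".join(disabled))
    for d in detections:
        print(f'{d["triage"]:22} {d["vendor"]:22} {d["path"]}')
```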