Jump to content

joedf

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks for sharing! Glad this is resolved. I was thinking this is weird, and got a little worried. I double-checked SHA1, SHA256 and virustotal too. https://www.virustotal.com/gui/file/f751678639d904704084257c88a7e042d0850b89403f7fb6ed157ac1270d59b5
  2. +1 Yes. Thank you so much! My stress has died down, viva senzu beans !
  3. Weird... I did a restore and did a manual scan of MBPPCn64.dll ... it came back negative now. --- Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/13/20 Scan Time: 11:40 AM Log File: 29ba1f72-c51f-11ea-b0ea-34f39a9233f7.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.955 Update Package Version: 1.0.26775 License: Free -System Information- OS: Windows 10 (Build 18362.900) CPU: x64 File System: NTFS User: FROST-PC\Frost -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 0 min, 11 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  4. Good to hear I'm not alone. I freaked out. I haven't downloaded any shady email attachments or anything like that...
  5. Thank you, I've reattached the log, file hash and quarantined file. I'm not sure how I pasted that all mashed up. File: MBPPCn64.dll CRC-32: 46b24f7f MD5: f63631c6d92033403eb7fad245439f38 SHA-1: 75cdbdaad6a2467c83ced4213f603688a1963e22 SHA-256: 2e5cfa02cda88fa4a206dab9ab06925fd743adf9a57f77a344473790987c8af0 SHA-512: 5b51efb3210b1a4e83a71972a1a6f7f8609e6846da4beef0d74c5f88c17aae24fcf731fcccff952718f71837169c05cbed423ec99e20f6ab5fc787e4f9c0c8a0 threat_detected_01.txt MBPPCn64.dll.zip
  6. I got a message from Malwarebytes monthly scan of a NanoCore Backdoor? I check virus total, and there was 0 detections based on a file sha256 search. Is this a false positive? 1 File: MBPPCn64.dll 2 CRC-32: 46b24f7f 3 MD5: f63631c6d92033403eb7fad245439f38 4 SHA-1: 75cdbdaad6a2467c83ced4213f603688a1963e22 5 SHA-256: 2e5cfa02cda88fa4a206dab9ab06925fd743adf9a57f77a344473790987c8af0 6 SHA-512: 5b51efb3210b1a4e83a71972a1a6f7f8609e6846da4beef0d74c5f88c17aae24fcf731fcccff952718f71837169c05cbed423ec99e20f6ab5fc787e4f9c0c8a0 7 8 9 10 Malwarebytes 11 www.malwarebytes.com 12 13 -Log Details- 14 Scan Date: 7/13/20 15 Scan Time: 10:04 AM 16 Log File: d4c52e42-c511-11ea-88a4-34f39a9233f7.json 17 18 -Software Information- 19 Version: 4.1.0.56 20 Components Version: 1.0.955 21 Update Package Version: 1.0.26771 22 License: Free 23 24 -System Information- 25 OS: Windows 10 (Build 18362.900) 26 CPU: x64 27 File System: NTFS 28 User: System 29 30 -Scan Summary- 31 Scan Type: Threat Scan 32 Scan Initiated By: Scheduler 33 Result: Completed 34 Objects Scanned: 395361 35 Threats Detected: 25 36 Threats Quarantined: 25 37 Time Elapsed: 15 min, 58 sec 38 39 -Scan Options- 40 Memory: Enabled 41 Startup: Enabled 42 Filesystem: Enabled 43 Archives: Enabled 44 Rootkits: Disabled 45 Heuristics: Enabled 46 PUP: Detect 47 PUM: Detect 48 49 -Scan Details- 50 Process: 0 51 (No malicious items detected) 52 53 Module: 0 54 (No malicious items detected) 55 56 Registry Key: 24 57 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}, Quarantined, 3700, 840328, , , , 58 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader, Quarantined, 3700, 840328, , , , 59 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.ControllerPropPageLoader.1, Quarantined, 3700, 840328, , , , 60 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 61 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 62 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 63 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 64 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 65 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 66 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 67 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8DB8468B-2C40-48FF-A925-D5AF337C71D7}, Quarantined, 3700, 840328, , , , 68 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8E6F605D-E8A9-418F-806C-70F32091C675}, Quarantined, 3700, 840328, , , , 69 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{964D846F-3E6D-4FB5-A613-948039719F3F}, Quarantined, 3700, 840328, , , , 70 Backdoor.NanoCore, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 71 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{5DF21ACB-651C-4332-83DA-FBA3846C44D8}, Quarantined, 3700, 840328, , , , 72 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{6A25A050-525C-4c97-A072-9504F8E8E77D}\InprocServer32, Quarantined, 3700, 840328, , , , 73 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}, Quarantined, 3700, 840328, , , , 74 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub, Quarantined, 3700, 840328, , , , 75 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.PropPageStub.1, Quarantined, 3700, 840328, , , , 76 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{74C7569D-ED69-4292-9886-CC89DD455744}\InprocServer32, Quarantined, 3700, 840328, , , , 77 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}, Quarantined, 3700, 840328, , , , 78 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader, Quarantined, 3700, 840328, , , , 79 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CplStub.EndpointPropPageLoader.1, Quarantined, 3700, 840328, , , , 80 Backdoor.NanoCore, HKLM\SOFTWARE\CLASSES\CLSID\{F2725209-D040-48ba-B5B3-FAE9060BC3C9}\InprocServer32, Quarantined, 3700, 840328, , , , 81 82 Registry Value: 0 83 (No malicious items detected) 84 85 Registry Data: 0 86 (No malicious items detected) 87 88 Data Stream: 0 89 (No malicious items detected) 90 91 Folder: 0 92 (No malicious items detected) 93 94 File: 1 95 Backdoor.NanoCore, C:\WINDOWS\SYSTEM32\MBPPCN64.DLL, Quarantined, 3700, 840328, 1.0.26771, , ame, 96 97 Physical Sector: 0 98 (No malicious items detected) 99 100 WMI: 0 101 (No malicious items detected) 102 103 104 (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.