Stisfa

  1. Updated KIS 2010 and ran a full scan; clean just like previously. Updated to MBAM Database Version 6400, scanned "cdbxpp.exe" specifically and got a clean slate. Performed a full scan and got clean results across the board. Thanks a bunch!
  2. Ok, so I'm not the only one with the same error; so I guess I'm being overly paranoid about the possible "Drive-By Download" from xivee.com? I know MBAM support isn't really meant to address this kind of issue, but if anybody has any personal experience they'd like to share, I'd really appreciate it. Sorry, it's just that I've never been infected on my personal box, especially since I take extra care to make sure I'm secure. Well, there's that and the fact that Andy Grove has helped to fortify my pessimistic imagination =P.
  3. Hello,

     First time poster, so I'm not entirely familiar with the MBAM culture, so please forgive me if I'm making a mistake here (I'm sleep deprived right now, as it's ~2 AM where I'm at).

     2011-04-07, I ran a full MBAM scan and had nothing infected. Yesterday (really, all but a few hours ago), I ran MBAM and had cdbxpp.exe flagged as infected. Now there are two variables I'm having to consider:

       • I Updated MBAM Prior to Running the Scan
       • I Went to ubuntugeek.com

     The first is self-explanatory, but the second is where I'm concerned. Here are two links that have me disconcerted. The second one was a URL scan I submitted after reading a couple posts that referenced virustotal.com being an integral tool for diagnosing possible malware.

     http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=xivee.com/
     http://www.virustotal.com/url-scan/report.html?id=331fc433e5aa56018034842bbe8d7868-1303191262

     It was after I visited ubuntugeek.com that I decided to run MBAM. The thing was, I'm pretty sure everything would have been fine had I just left it alone when browsing w/Chrome, but I had to get adventurous. I decided I'd see if the same warning page from Google would pop up when running Firefox 4. Well, it didn't. I didn't navigate to any links or stay on for very long in Firefox, but feeling a little paranoid, I ran a full scan with KIS 2010 after updating it. No infections found.

     Following that, I updated MBAM, ran a full scan and CDBurnerXP was flagged. Under the "Vendor" column there was "Trojan.MSIL.SD", with "C:\Program Files\CDBurnerXP\cdbxpp.exe" referenced as the "Item"; I right-clicked it and went to "Vendor Information". This is the link I was routed to: http://www.malwarebytes.org/malwarenet.php?name=Trojan.MSIL.SD. As you can see, the message I received was "This entry no longer exists. Please contact our support team about this problem."

     I decided to do a Google search and found this on the MBAM Forums, so that's why I thought this might also be a False Positive with the new update, which I would have been fine with, had it not been for xivee.com (ubuntugeek.com - make no mistake, I'm not blaming ubuntugeek, I realize it's xivee.com that's the problem URL/URI).

     So, still feeling uncertain, I ran an MD5Sum Hash against the cdbxpp.exe and got this:

     0373ba18fd585e102ce6af9d7e5ed152

     With this, I ran a query against VirusTotal and got this result: http://www.virustotal.com/file-scan/report.html?id=0e274ea5e7908fcfde94337e2095e0c6ad7e4d0c7eb703ebb99f12b066149906-1302273251. Other than the Anonymous comment flagging it for malware, there's no indication that it is; unfortunately, MD5 can be subverted quite easily, so I'm not entirely put at ease with this either.

     An hour or so ago, Kaspersky had another update, so I scanned "cdbxpp.exe" again and still had no malware issue; compared it to another MBAM scan and still had it recognized as malware (specifically targeted only "cdbxpp.exe" in both instances). Of course, that was me being naively hopeful, but I figured it was worth a shot.

     FYI, I've had CDBurnerXP since Tuesday, November 9, 2010. Downloaded from CNET, since all the downloads I've had from there have been safe, in my experience.

     Attached are both log files showing the difference in results (EDIT: couldn't upload earlier due to "forums.malwarebytes.org Driver Error". Tried to use "advanced uploader", but that didn't work either, database issue being cited as cause).

     Apologies for the long-winded post; just wanted to make sure that I was thorough in helping you diagnose the issue (there'd be a lot less reason to worry if I had just used Ubuntu to go to that site in the first place, doh!).

     mbam-log-2011-04-07 (19-55-47).txt
     mbam-log-2011-04-19 (00-23-32).txt