Marabunta Posted November 20, 2011 ID:496387 Share Posted November 20, 2011 clean?http://www.virustotal.com/file-scan/report.html?id=6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386-1321753933http://anubis.iseclab.org/?action=result&task_id=1c2c3f8e0b54e5e74ddcaf166744111ba&format=html#id298003c:\Users\***\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.svchost.rar Link to post Share on other sites More sharing options...
Staff shadowwar Posted November 20, 2011 Staff ID:496406 Share Posted November 20, 2011 Its Basically clean but a misused legit file. It should never be named that and located in that location. It is ok to delete. In this case its bundled with malware and used to compile the malware. Do you have the full log where it was detected. I am sure this is part of a bigger infection. Link to post Share on other sites More sharing options...
Marabunta Posted November 20, 2011 Author ID:496457 Share Posted November 20, 2011 Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatenbank Version: 8194Windows 6.1.7601 Service Pack 1Internet Explorer 9.0.8112.1642119.11.2011 21:36:38mbam-log-2011-11-19 (21-36-38).txtArt des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)Durchsuchte Objekte: 389195Laufzeit: 1 Stunde(n), 4 Minute(n), 37 Sekunde(n)Infizierte Speicherprozesse: 0Infizierte Speichermodule: 0Infizierte Registrierungsschlüssel: 0Infizierte Registrierungswerte: 0Infizierte Dateiobjekte der Registrierung: 0Infizierte Verzeichnisse: 0Infizierte Dateien: 1Infizierte Speicherprozesse:(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:(Keine bösartigen Objekte gefunden)Infizierte Dateien:c:\Users\***\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.thats all Link to post Share on other sites More sharing options...
Staff shadowwar Posted November 20, 2011 Staff ID:496478 Share Posted November 20, 2011 Was there recent detections when this was first detected? Link to post Share on other sites More sharing options...
Marabunta Posted November 22, 2011 Author ID:497219 Share Posted November 22, 2011 no... Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now