SpiderLover

_ISDel.exe

Hi,

I noticed that the uninstaller for an official EA game patch was detected as Trojan.Zbot by MBAM; the patch is for Need For Speed: High Stakes.

Here is the log:

_ISDel.zip

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.29.02

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.18702

COM :: COM-B80F3AD61EC [administrator]

Protection: Enabled

6/28/2012 11:19:48 PM

mbam-log-2012-06-28 (23-22-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 178998

Time elapsed: 3 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\COM\Local Settings\Temp\pftB3~tmp\_ISDel.exe (Trojan.Zbot) -> No action taken. [1b9b28d1312b56e05745cfe1fc047b85]

(end)


I just found this topic on an internet search because I got the same hit on other installers not related to the game.

C:\IBMTOOLS\DRIVERS_BEST\BMMPM\_ISDEL.EXE

... \EZEJECT\_ISDEL.EXE

... \IBMPM\_ISDEL.EXE

... \PDIRECT\_ISDEL.EXE

... \UTILITY\_ISDEL.EXE


Greetings and welcome :)

This thread is very old so it's likely that the definition hitting these files is completely different. If you would, please follow the instructions outlined here and post back a developers log so that our Research team can investigate the detections and get them corrected if they are indeed false positives.

Thanks :)


MBAM auto protect quarantined this file from this location: D:\Apps\Symantec Ghost Suite 2_5\Symantec Ghost Installer\Extras\3Com Boot Services\Install on my system. File attached.


I'll see if another MBAM flag occurs when I run next week's round of scans, but the new v1.75 and latest updates identified a number of instances of _ISDel.exe as Spyware.Zbot on two older Toshiba laptops in my office, in each case pointing to that executable associated with official Toshiba application update patches and residing in temporary directories affiliated with their installation which have been present for years with no previous flag raised by MBAM or any of the other malware scanners run in residence (MSE) or in manual weekly scans (MBAM, Super Antispyware, TDSS Killer, Panda Cloud AV).

If the flags are presented again next week, I'll monitor any followup messages in this thread and submit the developer log file then.

