DarkSnakeKobra Posted September 20, 2012 ID:599449 Share Posted September 20, 2012 Flash Player included with my HP Printer software. The registry key doesn't appear to exist or is protected as I'm unable to find it and MBAM can't jump to it's location.Malwarebytes Anti-Malware (PRO) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.20.09Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421DarkSnake-Kobra :: XPS17 [administrator]Protection: Enabled9/20/2012 5:06:24 PMmbam-log-2012-09-20 (17-23-51).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 317783Time elapsed: 17 minute(s), 10 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Backdoor) -> Data: 3 -> No action taken. [7fea59129fbe2f07bda5d6eefc041ae6]Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe (Trojan.Backdoor) -> No action taken. [7fea59129fbe2f07bda5d6eefc041ae6](end)FlashPla.zip Link to post Share on other sites More sharing options...
Wanton86 Posted September 20, 2012 ID:599462 Share Posted September 20, 2012 MBAM found these "Trojan.backdoor" for me today as well on both of my computers during the scan:C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Backdoor)Can anyone confirm that this is a FP? Link to post Share on other sites More sharing options...
nosirrah Posted September 20, 2012 ID:599465 Share Posted September 20, 2012 fixed in the next update Link to post Share on other sites More sharing options...
DarkSnakeKobra Posted September 20, 2012 Author ID:599476 Share Posted September 20, 2012 Thanks! Link to post Share on other sites More sharing options...
DarkSnakeKobra Posted September 21, 2012 Author ID:599480 Share Posted September 21, 2012 Full scan confirms that it is no longer being detected with the latest update. Thanks. Link to post Share on other sites More sharing options...
aquarabbit Posted September 21, 2012 ID:599617 Share Posted September 21, 2012 These are back I'm on database version 2012.09.21.05 and they both appeared this AM. Link to post Share on other sites More sharing options...
jdr1965 Posted September 21, 2012 ID:599651 Share Posted September 21, 2012 I got both backdoor.bot this morning as well. I clicked on REMOVE & now an installation pop-up appears on start-up. Scan was on my Mom's HP. Scanning one of mine now. Is there a way to get that Installation notification to quit? Link to post Share on other sites More sharing options...
Staff shadowwar Posted September 22, 2012 Staff ID:600074 Share Posted September 22, 2012 Can we get a log please if these are still detected?Thanks. Link to post Share on other sites More sharing options...
aquarabbit Posted September 23, 2012 ID:600322 Share Posted September 23, 2012 I updated last night, ran a full scan, and these were no longer detected. Thanks! Link to post Share on other sites More sharing options...
vram74 Posted September 23, 2012 ID:600360 Share Posted September 23, 2012 Getting this again here as well.Malwarebytes Anti-Malware 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.23.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421XX :: XX [administrator]9/23/2012 12:12:42 PMmbam-log-2012-09-23 (13-26-42).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 299621Time elapsed: 30 minute(s), 37 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 2 -> No action taken.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.(end) Link to post Share on other sites More sharing options...
DarkSnakeKobra Posted September 23, 2012 Author ID:600419 Share Posted September 23, 2012 I'm getting a different detection now.Malwarebytes Anti-Malware (PRO) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.23.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421DarkSnake-Kobra :: XPS17 [administrator]Protection: Enabled9/23/2012 2:45:50 PMmbam-log-2012-09-23 (14-48-31).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 43673Time elapsed: 2 minute(s), 37 second(s) [aborted]Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 3 -> No action taken. [0988dd8f4a131620689742829a66867a]Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe (Trojan.Spatet) -> No action taken. [0988dd8f4a131620689742829a66867a](end)FlashPla.zip Link to post Share on other sites More sharing options...
jdr1965 Posted September 23, 2012 ID:600439 Share Posted September 23, 2012 Same error as DarkSnake just occurred on my pc. Somehow it screws up my SolutionCenter.msi fileMalwarebytes Anti-Malware (PRO) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.23.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Jon :: DRAGON [administrator]Protection: Enabled9/23/2012 2:02:50 PMmbam-log-2012-09-23 (15-11-29).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 384864Time elapsed: 1 hour(s), 6 minute(s), 17 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 3 -> No action taken.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files (x86)\hp\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.(end) Link to post Share on other sites More sharing options...
sUBs Posted September 27, 2012 ID:601706 Share Posted September 27, 2012 Thank you for reporting this. It shall be fixed in our next update. Link to post Share on other sites More sharing options...
DarkSnakeKobra Posted September 27, 2012 Author ID:601715 Share Posted September 27, 2012 Rescaned and confirmed it is no longer detected. Thank you very much. Link to post Share on other sites More sharing options...
pm8546 Posted September 27, 2012 ID:601743 Share Posted September 27, 2012 Same error as DarkSnake just occurred on my pc. Somehow it screws up my SolutionCenter.msi fileMalwarebytes Anti-Malware (PRO) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.23.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Jon :: DRAGON [administrator]Protection: Enabled9/23/2012 2:02:50 PMmbam-log-2012-09-23 (15-11-29).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 384864Time elapsed: 1 hour(s), 6 minute(s), 17 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 3 -> No action taken.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files (x86)\hp\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.(end)Ditto on this, I am getting that same thing as of tonight with the lastest update to MWB. Link to post Share on other sites More sharing options...
Darice Posted September 27, 2012 ID:601838 Share Posted September 27, 2012 The files below are listed as Vendor: Trojan.Spatet, as is a Registry Value in the HKEY_CLASSES_ROOT (I believe it's in my Adobe Creative Suite files)...REG_SZI removed the two files listed above, but Windows fixes them instantly when I restart. The last time, the REG_SZ popped up.Malwarebytes Anti-Malware 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.26.13Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Darice :: VEGANDISCOTECH [administrator]9/26/2012 8:25:42 PMmbam-log-2012-09-27 (10-34-34).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 405152Time elapsed: 53 minute(s), 35 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 1 -> No action taken.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.C:\Windows\Installer\$PatchCache$\Managed\4AA7AEE2302C09b43AF491BFE71F8CC1\130.0.331\FlashPla.exe.9FAB98ED_2143_4534_9750_7CD4ECEB9596 (Trojan.Spatet) -> No action taken.(end) Link to post Share on other sites More sharing options...
pm8546 Posted September 27, 2012 ID:601847 Share Posted September 27, 2012 When I remove all of my HP Deskjet F4280 software, drivers, etc. MWB does not detect any threats at all. Then I download the Printer software again and run a scan I get the threats same location as before.Malwarebytes Anti-Malware (PRO) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.26.13Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Ron :: RON-PC [administrator]Protection: Enabled9/26/2012 5:49:32 PMmbam-log-2012-09-26 (17-49-32).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 320173Time elapsed: 22 minute(s), 54 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 2 -> Quarantined and deleted successfully.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
sUBs Posted September 27, 2012 ID:601862 Share Posted September 27, 2012 Database version: v2012.09.26.13Darice & pm8546, we're currently at v2012.09.27.07. Please have mbam update itself and do a re-scan. Link to post Share on other sites More sharing options...
pm8546 Posted September 27, 2012 ID:601886 Share Posted September 27, 2012 Malwarebytes Anti-Malware (PRO) 1.65.0.1400www.malwarebytes.orgDatabase version: v2012.09.27.08Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Ron :: RON-PC [administrator]Protection: Enabled9/27/2012 10:20:50 AMmbam-log-2012-09-27 (10-20-50).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 324799Time elapsed: 22 minute(s), 44 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)Loaded my HP printer software and re-scaned, as you can see no threats detected.Lets hope this update fix it.Thanks Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now