DarkSnakeKobra

Flash Player FP


Flash Player included with my HP Printer software. The registry key doesn't appear to exist or is protected, as I'm unable to find it and MBAM can't jump to its location.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.20.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

DarkSnake-Kobra :: XPS17 [administrator]

Protection: Enabled

9/20/2012 5:06:24 PM

mbam-log-2012-09-20 (17-23-51).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 317783

Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Backdoor) -> Data: 3 -> No action taken. [7fea59129fbe2f07bda5d6eefc041ae6]

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe (Trojan.Backdoor) -> No action taken. [7fea59129fbe2f07bda5d6eefc041ae6]

(end)

FlashPla.zip


MBAM found these "Trojan.backdoor" for me today as well on both of my computers during the scan:

C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Backdoor)

Can anyone confirm that this is a FP?


Full scan confirms that it is no longer being detected with the latest update. :) Thanks.


I got both backdoor.bot this morning as well. I clicked on REMOVE & now an installation pop-up appears on start-up. Scan was on my Mom's HP. Scanning one of mine now. Is there a way to get that Installation notification to quit?


Getting this again here as well.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.23.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

XX :: XX [administrator]

9/23/2012 12:12:42 PM

mbam-log-2012-09-23 (13-26-42).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 299621

Time elapsed: 30 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 2 -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.

(end)


I'm getting a different detection now.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.23.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

DarkSnake-Kobra :: XPS17 [administrator]

Protection: Enabled

9/23/2012 2:45:50 PM

mbam-log-2012-09-23 (14-48-31).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 43673

Time elapsed: 2 minute(s), 37 second(s) [aborted]

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 3 -> No action taken. [0988dd8f4a131620689742829a66867a]

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe (Trojan.Spatet) -> No action taken. [0988dd8f4a131620689742829a66867a]

(end)

FlashPla.zip


Same error as DarkSnake just occurred on my PC. Somehow it screws up my SolutionCenter.msi file.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.23.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jon :: DRAGON [administrator]

Protection: Enabled

9/23/2012 2:02:50 PM

mbam-log-2012-09-23 (15-11-29).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 384864

Time elapsed: 1 hour(s), 6 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 3 -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\hp\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.

(end)


Ditto on this, I am getting that same thing as of tonight with the latest update to MWB.


The files below are listed as Vendor: Trojan.Spatet, as is a Registry Value in the HKEY_CLASSES_ROOT (I believe it's in my Adobe Creative Suite files)...REG_SZ

I removed the two files listed above, but Windows fixes them instantly when I restart. The last time, the REG_SZ popped up.

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.26.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Darice :: VEGANDISCOTECH [administrator]

9/26/2012 8:25:42 PM

mbam-log-2012-09-27 (10-34-34).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 405152

Time elapsed: 53 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> No action taken.

C:\Windows\Installer\$PatchCache$\Managed\4AA7AEE2302C09b43AF491BFE71F8CC1\130.0.331\FlashPla.exe.9FAB98ED_2143_4534_9750_7CD4ECEB9596 (Trojan.Spatet) -> No action taken.

(end)


When I remove all of my HP Deskjet F4280 software, drivers, etc., MWB does not detect any threats at all. Then I download the printer software again and run a scan, and I get the threats in the same location as before.

Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.26.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ron :: RON-PC [administrator]

Protection: Enabled

9/26/2012 5:49:32 PM

mbam-log-2012-09-26 (17-49-32).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 320173

Time elapsed: 22 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Trojan.Spatet) -> Data: 2 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe (Trojan.Spatet) -> Quarantined and deleted successfully.

Database version: v2012.09.26.13

Darice & pm8546, we're currently at v2012.09.27.07. Please have mbam update itself and do a re-scan.


Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.27.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ron :: RON-PC [administrator]

Protection: Enabled

9/27/2012 10:20:50 AM

mbam-log-2012-09-27 (10-20-50).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 324799

Time elapsed: 22 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Loaded my HP printer software and re-scanned; as you can see, no threats detected.

Let's hope this update fixes it.

Thanks

