Jump to content
Sign in to follow this  
Skipperl

LSDriveDetect.exe and \Adobe AIR\Versions\1.0\Resources\template.exe

Recommended Posts

Ran MWB's (latest update) full scan tonight and got the following errors on a system that has run these same files clean for months. I also submitted them to Jotti's malware scan and they ran clean on all 9 programs. I suspect false positives. Both files came with new computer. Any advice appreciated. Rerunning in developer mode now.

Files Detected: 2

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{4C6E12E5-5905-4aa5-B462-E7DFC4BD75E5}\LSDriveDetect.exe (Spyware.Password) -> No action taken.

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password)

Share this post


Link to post
Share on other sites
Guest DangerousClick

Hello skipperl,

There seems to be an issue going on with a bunch of stuff being detected as spyware.password, I assume it is a bug. These are the necessary steps to identify malware easily.

1. Go to virustotal and upload the files

2. Post the link of the analysis of them back.

Thank you

~Click~

Share this post


Link to post
Share on other sites

File name: LSDriveDetect.exe File type: Win32 EXE Detection ratio: 0 / 43 Analysis date:

2012-09-24 03:46:16 UTC ( 0 minutes ago ) File name: template.exe File type: Win32 EXE Detection ratio: 0 / 26 Analysis date: 2012-09-24 03:52:09 UTC ( 0 minutes ago )

Both ran clean on virustotal as well.

Share this post


Link to post
Share on other sites

Developer log with attached zip file

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.24.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Skip :: SKIP-PC [administrator]

9/23/2012 11:22:35 PM

mbam-log-2012-09-24 (00-02-52).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325294

Time elapsed: 36 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{4C6E12E5-5905-4aa5-B462-E7DFC4BD75E5}\LSDriveDetect.exe (Spyware.Password) -> No action taken. [faf78be17de023138692bc0937c96f91]

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) -> No action taken. [549d6804174669cd7f99b70e7f81d22e]

(end)

mbam-log-2012-09-24 (00-02-52).zip

Share this post


Link to post
Share on other sites

I found C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) one of my computers as well and changed all of my passwords which took close to two hours. I've found the same thing on my other computer and want to make sure it's a bug otherwise I'm going to have to change all my passwords again.

Share this post


Link to post
Share on other sites

Thank you, I've used your product for many years without a mistake so I have no problem overlooking this incident and will continue to support you guys as there was a couple times where your software was the only thing that saved my computer.

Share this post


Link to post
Share on other sites

When you say your updating it, you mean just the definitions? or will there be a new "version" of the software. I got a handful of these 'password' things today....

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.