mhhack

Wextract.exe


Hi:

Malwarebytes' Anti-Malware 1.34

Database version: 1785

Windows 5.1.2600 Service Pack 2

2/21/2009 12:21:07 PM

mbam-log-2009-02-21 (12-21-00).txt

Scan type: Quick Scan

Objects scanned: 71253

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

Is this a false positive?

Thanks


My, is this a relief, haha! Do you have Sandboxie installed?


Malwarebytes' Anti-Malware 1.34

Database version: 1786

Windows 5.1.2600 Service Pack 3

2/22/2009 4:29:22 AM

mbam-log-2009-02-22 (04-29-22).txt

Scan type: Full Scan (C:\|)

Objects scanned: 78977

Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Guess we're clear, thanks for the swift fix!


mbam.exe /developer:

Malwarebytes' Anti-Malware 1.34

Database version: 1785

Windows 5.1.2600 Service Pack 2

2/21/2009 1:56:32 PM

mbam-log-2009-02-21 (13-56-24).txt

Scan type: Quick Scan

Objects scanned: 71295

Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.


Odd, I've not detected anything. Did you update?

Another note: Ever had any Sandboxie related FP's in the past?


Just updated - I had done it earlier today! In any event, it has not tagged wextract.exe this time around.

Thanks


@Osgot

Please update and scan again; there have been quite a few updates today and this problem was fixed earlier.


Thank you very much for this ultra fast reply!!!

I'm going to update...

So, it's not a danger for my machine... <_<


I've updated MBAM and run it again a few minutes ago and it has detected wextract.exe. I did install Sandboxie again and I do think that it is related to it.


Drop that, I spoke too soon, it's the same folder but this time it's Trojan.Autorun -- msnmsgs.exe:

Malwarebytes' Anti-Malware 1.34

Database version: 1790

Windows 5.1.2600 Service Pack 3

2/22/2009 2:06:52 PM

mbam-log-2009-02-22 (14-06-50).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 40465

Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> No action taken.

Should I just give up on Sandboxie?


I think I just fixed this.

I need to know if 1792 does not fix this.


Testing now. Why do you think this has occurred after the installation of Sandboxie? I guess chances are it isn't even related and I'm scanning at the wrong time, haha!

Thanks again.


Malwarebytes' Anti-Malware 1.34

Database version: 1792

Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM

mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan

Objects scanned: 18664

Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello.

OK, it seems to be corrected. Another false positive detection (ERUpdateHidden.EXE) has been corrected; both wextract.exe and ERUpdateHidden.EXE were from an ACER computer.

Fichier(s) infect


Hello all, I did a quick scan today (after having updated the definitions) and received a warning about the file

wextract.exe

Here comes my developer mode log.

Thanks

Stefano

Malwarebytes' Anti-Malware 1.34

Versione del database: 1820

Windows 5.1.2600 Service Pack 3

05/03/2009 11.11.11

mbam-log-2009-03-05 (11-11-07).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 93707

Tempo trascorso: 4 minute(s), 1 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 1

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

(Nessun elemento malevolo rilevato)

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.


Confirmed as F/P.

Please add to your ignore list and/or restore from quarantine.

This should be fixed shortly in defs update.


Yeah. One developer log from our forum:

Malwarebytes' Anti-Malware 1.34

Версия на базата от данни: 1820

Windows 5.1.2600 Service Pack 2

05.3.2009 г. 17:25:48

mbam-log-2009-03-05 (17-25-43).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Сканирани обекти: 90569

Изминало време: 12 minute(s), 6 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 3

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

Заразени папки:

(Не бяха открити заплахи)

Заразени файлове:

C:\SwSetup\SP36651\NET32\dotnetfx.exe (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{A8EAC91A-05FD-4BAA-B874-BEE8BA8E561C}\RP4\A0001544.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.


FYI - Did a full scan today and received the wextract false positive.

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.
