mhhack, Posted February 21, 2009, ID:58457

Hi:

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 2

2/21/2009 12:21:07 PM
mbam-log-2009-02-21 (12-21-00).txt

Scan type: Quick Scan
Objects scanned: 71253
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

Is this a false positive?

Thanks

d.a.a, Posted February 21, 2009, ID:58459

My is this a relief, haha! Do you have Sandboxie installed?

nosirrah, Posted February 21, 2009, ID:58461

Update and scan again, this might be fixed.

If not, read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=3228 and post the dev version log.

d.a.a, Posted February 21, 2009, ID:58465

Doing so now, thanks for the quick response.

d.a.a, Posted February 21, 2009, ID:58466

Malwarebytes' Anti-Malware 1.34
Database version: 1786
Windows 5.1.2600 Service Pack 3

2/22/2009 4:29:22 AM
mbam-log-2009-02-22 (04-29-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 78977
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Guess we're clear, thanks for the swift fix!

mhhack (Author), Posted February 21, 2009, ID:58472

> My is this a relief, haha! Do you have Sandboxie installed?

Yes.

mhhack (Author), Posted February 21, 2009, ID:58474

mbam.exe /developer:

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 2

2/21/2009 1:56:32 PM
mbam-log-2009-02-21 (13-56-24).txt

Scan type: Quick Scan
Objects scanned: 71295
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

d.a.a, Posted February 21, 2009, ID:58475

Odd, I've not detected anything. Did you update?

Another note: Ever had any Sandboxie related FP's in the past?

mhhack (Author), Posted February 21, 2009, ID:58477

> Odd, I've not detected anything. Did you update?
> Another note: Ever had any Sandboxie related FP's in the past?

Just updated - I had done it earlier today! In any event, it has not tagged wextract.exe this time around.

Thanks

osgot, Posted February 22, 2009, ID:58585

Hi,

First of all I must apologize for my English ( I

nosirrah, Posted February 22, 2009, ID:58587

@Osgot

Please update and scan again, there have been quite a few updates today and this problem was fixed earlier.

osgot, Posted February 22, 2009, ID:58590

Thank you very much for this ultra fast reply!!!

I'm going to update...

So, it's not a danger for my machine...

d.a.a, Posted February 22, 2009, ID:58626

I've updated MBAM and run it again a few minutes ago and it has detected wextract.exe. I did install Sandboxie again and I do think that it is related to it.

d.a.a, Posted February 22, 2009, ID:58627

> I've updated MBAM and run it again a few minutes ago and it has detected wextract.exe. I did install Sandboxie again and I do think that it is related to it.

Drop that, I spoke too soon, it's the same folder but this time it's Trojan.Autorun -- msnmsgs.exe:

Malwarebytes' Anti-Malware 1.34
Database version: 1790
Windows 5.1.2600 Service Pack 3

2/22/2009 2:06:52 PM
mbam-log-2009-02-22 (14-06-50).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 40465
Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> No action taken.

Should I just give up on Sandboxie?

nosirrah, Posted February 22, 2009, ID:58630

> C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> No action taken.

I think I just fixed this.

I need to know if 1792 does not fix this.

d.a.a, Posted February 22, 2009, ID:58631

> I think I just fixed this.
> I need to know if 1792 does not fix this.

Testing now. Why do you think this has occurred after the installation of Sandboxie? I guess chances are it isn't even related and I'm scanning at the wrong time, haha!

Thanks again.

d.a.a, Posted February 22, 2009, ID:58634

Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM
mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan
Objects scanned: 18664
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SCD, Posted February 22, 2009, ID:58639

Hello.

OK, it seems to be corrected. Another detection of false positive (ERUpdateHidden.EXE) has been corrected, both wextract.exe and ERUpdateHidden.EXE were from ACER computer.

Fichier(s) infect

Stefano Giordano, Posted March 5, 2009, ID:61636

Hello all, I did a quick scan today (after having updated the definitions) and received a warning about the file wextract.exe

Here comes my developer mode log

Thanks
Stefano

Malwarebytes' Anti-Malware 1.34
Versione del database: 1820
Windows 5.1.2600 Service Pack 3

05/03/2009 11.11.11
mbam-log-2009-03-05 (11-11-07).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 93707
Tempo trascorso: 4 minute(s), 1 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

Fatdcuk, Posted March 5, 2009, ID:61651

Confirmed as F/P.

Please add to your ignore list and/or restore from quarantine.

This should be fixed shortly in defs update.

B-boy/StyLe/, Posted March 5, 2009, ID:61700

Yeah. One developer log from our forum:

Malwarebytes' Anti-Malware 1.34
Версия на базата от данни: 1820
Windows 5.1.2600 Service Pack 2

05.3.2009 г. 17:25:48
mbam-log-2009-03-05 (17-25-43).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Сканирани обекти: 90569
Изминало време: 12 minute(s), 6 second(s)

Заразени процеси в паметта: 0
Заразени модули в паметта: 0
Заразени ключове в регистратурата: 0
Заразени стойности в регистратурата: 0
Заразени информационни обекти в регистратурата: 0
Заразени папки: 0
Заразени файлове: 3

Заразени процеси в паметта:
(Не бяха открити заплахи)

Заразени модули в паметта:
(Не бяха открити заплахи)

Заразени ключове в регистратурата:
(Не бяха открити заплахи)

Заразени стойности в регистратурата:
(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:
(Не бяха открити заплахи)

Заразени папки:
(Не бяха открити заплахи)

Заразени файлове:
C:\SwSetup\SP36651\NET32\dotnetfx.exe (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{A8EAC91A-05FD-4BAA-B874-BEE8BA8E561C}\RP4\A0001544.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

fates warning, Posted March 5, 2009, ID:61733

whew....thanks for the info guys! I was getting worried!

mgjazz, Posted March 5, 2009, ID:61744

FYI - Did a full scan today and received the wextract false positive.

Malwarebytes' Anti-Malware 1.34
Database version: 1820
Windows 5.1.2600 Service Pack 3

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.