
Wextract.exe


mhhack


Hi:

Malwarebytes' Anti-Malware 1.34

Database version: 1785

Windows 5.1.2600 Service Pack 2

2/21/2009 12:21:07 PM

mbam-log-2009-02-21 (12-21-00).txt

Scan type: Quick Scan

Objects scanned: 71253

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

Is this a false positive?

Thanks


My, is this a relief, haha! Do you have Sandboxie installed?


Malwarebytes' Anti-Malware 1.34

Database version: 1786

Windows 5.1.2600 Service Pack 3

2/22/2009 4:29:22 AM

mbam-log-2009-02-22 (04-29-22).txt

Scan type: Full Scan (C:\|)

Objects scanned: 78977

Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Guess we're clear, thanks for the swift fix!


mbam.exe /developer:

Malwarebytes' Anti-Malware 1.34

Database version: 1785

Windows 5.1.2600 Service Pack 2

2/21/2009 1:56:32 PM

mbam-log-2009-02-21 (13-56-24).txt

Scan type: Quick Scan

Objects scanned: 71295

Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.


I updated MBAM and ran it again a few minutes ago, and it has detected wextract.exe. I did install Sandboxie again and I do think that it is related to it.

Drop that, I spoke too soon, it's the same folder but this time it's Trojan.Autorun -- msnmsgs.exe:

Malwarebytes' Anti-Malware 1.34

Database version: 1790

Windows 5.1.2600 Service Pack 3

2/22/2009 2:06:52 PM

mbam-log-2009-02-22 (14-06-50).txt

Scan type: Full Scan (C:\|E:\|)

Objects scanned: 40465

Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> No action taken.

Should I just give up on Sandboxie?


Malwarebytes' Anti-Malware 1.34

Database version: 1792

Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM

mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan

Objects scanned: 18664

Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • 2 weeks later...

Hello all, I did a quick scan today (after having updated the definitions) and received a warning about the file

wextract.exe

Here comes my developer mode log.

Thanks

Stefano

Malwarebytes' Anti-Malware 1.34

Versione del database: 1820

Windows 5.1.2600 Service Pack 3

05/03/2009 11.11.11

mbam-log-2009-03-05 (11-11-07).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 93707

Tempo trascorso: 4 minute(s), 1 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 1

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

(Nessun elemento malevolo rilevato)

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.


Yeah. One developer log from our forum:

Malwarebytes' Anti-Malware 1.34

Версия на базата от данни: 1820

Windows 5.1.2600 Service Pack 2

05.3.2009 г. 17:25:48

mbam-log-2009-03-05 (17-25-43).txt

Тип сканиране: Пълно сканиране (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Сканирани обекти: 90569

Изминало време: 12 minute(s), 6 second(s)

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 0

Заразени папки: 0

Заразени файлове: 3

Заразени процеси в паметта:

(Не бяха открити заплахи)

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

Заразени информационни обекти в регистратурата:

(Не бяха открити заплахи)

Заразени папки:

(Не бяха открити заплахи)

Заразени файлове:

C:\SwSetup\SP36651\NET32\dotnetfx.exe (Trojan.Vundo) -> No action taken.

C:\System Volume Information\_restore{A8EAC91A-05FD-4BAA-B874-BEE8BA8E561C}\RP4\A0001544.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.


FYI - Did a full scan today and received the wextract false positive.

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.
