Updated MBAM this evening and detected one infected object.


I was wondering if anyone else has had this particular file infection detected yet. Only after updating MBAM this evening have I ever had an infection detected. All scans prior to today's have not detected any infections. Could this be a false positive? I also ran the developer mode of MBAM and it did not detect any infections. I have since then deleted the offending file out of the MBAM quarantine.

Malwarebytes' Anti-Malware 1.34

Database version: 1790

Windows 5.1.2600 Service Pack 3

2/21/2009 8:19:35 PM

mbam-log-2009-02-21 (20-19-35).txt

Scan type: Full Scan (C:\|)

Objects scanned: 81861

Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> Quarantined and deleted successfully.

------------------------------------------------------------------

HiJackThis log after the MBAM scan and removal process:

------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:27:29 PM, on 2/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228955025250

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs:

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Hello,

I'm finding it also, but when I right-click scan msmsgs.exe MBAM doesn't say anything, so I scanned it at VirSCAN and found nothing.

I do not use Windows Messenger at all.

Malwarebytes' Anti-Malware 1.34

Database version: 1790

Windows 5.1.2600 Service Pack 3

2/21/2009 7:25:28 PM

mbam-log-2009-02-21 (19-25-20).txt

Scan type: Full Scan (C:\|)

Objects scanned: 103038

Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe (Trojan.Autorun) -> No action taken. [6722202021207170231766202070702423226819212423692217691924671923]

virscan log

VirSCAN.org Scanned Report :

Scanned time : 2009/02/22 11:30:10 (CST)

Scanner results: All Scanners reported not find malware!

File Name : msmsgs.exe

File Size : 1694208 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 74e6e96c6f0e2eca4edbb7f7a468f259

SHA1 : 1b4729d1bd15e4d48422ecb5730959390c0be1c7

Online report : http://virscan.org/report/4835c1051421c251...91e32cc194.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.0.0.32 20090221170551 2009-02-21 2.62 -

AhnLab V3 2009.02.21.00 2009.02.21 2009-02-21 1.12 -

AntiVir 7.9.0.87 7.1.2.59 2009-02-21 1.87 -

Antiy 2.0.18 20090222.2199698 2009-02-22 0.12 -

Authentium 5.1.1 200902211511 2009-02-21 1.19 -

AVAST! 3.0.1 090221-0 2009-02-21 0.09 -

AVG 7.5.52.442 270.11.2/1965 2009-02-21 1.95 -

BitDefender 7.81008.2680327 7.23804 2009-02-22 2.54 -

CA (VET) 9.0.0.143 31.6.6368 2009-02-21 4.61 -

ClamAV 0.94.2 9022 2009-02-22 0.32 -

Comodo 3.8 986 2009-02-20 0.45 -

CP Secure 1.1.0.715 2009.02.21 2009-02-21 7.11 -

Dr.Web 4.44.0.9170 2009.02.22 2009-02-22 4.06 -

F-Prot 4.4.4.56 20090221 2009-02-21 1.17 -

F-Secure 5.51.6100 2009.02.22.01 2009-02-22 0.10 -

Fortinet 2.81-3.117 10.71 2009-02-21 0.31 -

GData 19.3306/19.233 20090222 2009-02-22 3.34 -

ViRobot 20090220 2009.02.20 2009-02-20 0.98 -

Ikarus T3.1.01.45 2009.02.22.72336 2009-02-22 3.75 -

JiangMin 11.0.706 2009.02.21 2009-02-21 1.50 -

Kaspersky 5.5.10 2009.02.22 2009-02-22 0.07 -

KingSoft 2009.2.5.15 2009.2.21.20 2009-02-21 0.67 -

McAfee 5.3.00 5532 2009-02-21 3.11 -

Microsoft 1.4306 2009.02.22 2009-02-22 4.86 -

mks_vir 2.01 2009.02.21 2009-02-21 2.78 -

Norman 6.00.06 6.00.00 2009-02-20 8.01 -

Panda 9.05.01 2009.02.21 2009-02-21 1.66 -

Trend Micro 8.700-1004 5.860.23 2009-02-21 0.03 -

Quick Heal 10.00 2009.02.20 2009-02-20 1.41 -

Rising 20.0 21.17.52.00 2009-02-21 1.74 -

Sophos 2.83.3 4.38 2009-02-22 2.60 -

Sunbelt 4819 4819 2009-02-16 0.50 -

Symantec 1.3.0.24 20090221.004 2009-02-21 0.07 -

nProtect 20090222.01 3175936 2009-02-22 3.87 -

The Hacker 6.3.2.4 v00263 2009-02-21 0.58 -

VBA32 3.12.10.0 20090221.1740 2009-02-21 2.02 -

VirusBuster 4.5.11.10 10.101.21/930783 2009-02-21 1.61 -

thanks

<_<

Hello All,

Yes, I got that detection as well; it's still quarantined, though I figure it's a false positive since it's very similar to what I had, and internet security again didn't pick up on it and I haven't done anything to have gotten it. So I'm just posting the log file for reference to show I got kind of a cross between both of you: msmsgs.exe like the first post and a long line of numbers like the second post, 6722202021207170231766202070702423226819212423692217691924671923

Log posted below.

Malwarebytes' Anti-Malware 1.34

Database version: 1790

Windows 5.1.2600 Service Pack 3

2/21/2009 11:28:59 PM

mbam-log-2009-02-21 (23-28-59).txt

Scan type: Full Scan (C:\|)

Objects scanned: 120228

Time elapsed: 16 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> Quarantined and deleted successfully. [6722202021207170231766202070702423226819212423692217691924671923]

All similar yet different... I'm thinking FP this time; waiting to see anyhow, not deleting.
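A way to triage a hit like the ones in the three posts above before trusting either the scanner or the "false positive" hunch, added here as an example; this is not code from the thread or from Malwarebytes. It parses detection lines in the format of the MBAM logs posted above, notes when the flagged path sits in a Windows patch-uninstall backup folder ($NtServicePackUninstall$, $NtUninstallKB...$), which hold pre-patch copies of replaced system files so a hotfix can be rolled back, and compares the file's MD5/SHA-1 against a published multi-engine report and against the live installed copy. The MD5/SHA-1 reference values are the ones VirSCAN printed in the second post; the file bytes below are constructed stand-ins, not the real msmsgs.exe, so the hash comparison is expected to report a mismatch.

```python
"""Triage a suspected anti-malware false positive (added example)."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# MBAM 1.x "Files Infected" line, e.g.
#   C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe (Trojan.Autorun) -> No action taken. [6722...]
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> "
    r"(?P<action>[^.\[]+)\.?(?: \[(?P<token>[0-9A-Fa-f]+)\])?\s*$"
)

# Folders where Windows keeps pre-patch copies of replaced files so a
# hotfix or service pack can be uninstalled.  A hit here is usually an
# older revision of a Microsoft binary rather than something new.
BACKUP_DIR_RE = re.compile(r"\$Nt(?:ServicePack)?Uninstall[^$\\]*\$", re.IGNORECASE)


@dataclass
class Detection:
    path: str
    name: str
    action: str
    token: str | None


def parse_detections(log_text: str) -> list[Detection]:
    """Return one Detection per file line found in an MBAM log."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["name"], m["action"].strip(), m["token"]))
    return hits


def is_patch_backup(path: str) -> bool:
    """True if any directory component is a $NtUninstall...$ style backup folder."""
    return any(BACKUP_DIR_RE.fullmatch(part) for part in path.split("\\")[:-1])


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5 and SHA-1, the two digests multi-engine scanners publish."""
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest()}


def triage(hit: Detection, flagged: bytes, live: bytes | None, published: dict[str, str]) -> list[str]:
    """Collect independent pieces of evidence about one detection.

    flagged:   bytes of the file the scanner detected
    live:      bytes of the currently installed copy of the same program, if any
    published: MD5/SHA-1 from a multi-engine report the user already ran
    """
    evidence = []
    if is_patch_backup(hit.path):
        evidence.append("path is a Windows patch-uninstall backup folder")
    if not flagged.startswith(b"MZ"):
        evidence.append("not a PE image: file does not start with MZ")
    h = file_hashes(flagged)
    if h == published:
        evidence.append("hashes match the published multi-engine report")
    else:
        evidence.append("hashes differ from the published report: rescan this exact file")
    if live is not None:
        if h == file_hashes(live):
            evidence.append("byte-identical to the live installed copy")
        else:
            evidence.append("differs from the live copy (expected for a pre-patch backup)")
    return evidence


# Constructed stand-in bytes (NOT the real msmsgs.exe): fake MZ/PE header plus filler.
FAKE_BACKUP_COPY = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + bytes(1024)
FAKE_LIVE_COPY = FAKE_BACKUP_COPY  # pretend the patch left the binary unchanged
# Digests VirSCAN reported in the thread for the poster's msmsgs.exe.
VIRSCAN_REPORT = {"md5": "74e6e96c6f0e2eca4edbb7f7a468f259",
                  "sha1": "1b4729d1bd15e4d48422ecb5730959390c0be1c7"}
# Constructed log excerpt in the MBAM format shown in the thread.
SAMPLE_LOG = """Files Infected:
C:\\WINDOWS\\$NtUninstallKB887472$\\msmsgs.exe (Trojan.Autorun) -> No action taken. [6722202021207170231766202070702423226819212423692217691924671923]
C:\\WINDOWS\\$NtServicePackUninstall$\\msmsgs.exe (Trojan.Autorun) -> Quarantined and deleted successfully.
"""


def demo() -> dict[str, list[str]]:
    """Triage every detection in SAMPLE_LOG against the constructed bytes."""
    return {hit.path: triage(hit, FAKE_BACKUP_COPY, FAKE_LIVE_COPY, VIRSCAN_REPORT)
            for hit in parse_detections(SAMPLE_LOG)}


if __name__ == "__main__":
    for path, notes in demo().items():
        print(path)
        for note in notes:
            print("  -", note)
```

On a real machine you would read the flagged file out of quarantine (or before quarantining it) and the live copy from C:\Program Files\Messenger\msmsgs.exe, and only treat the detection as a false positive when the hashes match the clean multi-engine report for that exact file; a name and a folder alone prove nothing, since malware does drop look-alike binaries into system paths.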
