Jump to content

wextract.exe (Trojan.Vundo)


e3henri
 Share

Recommended Posts

After updating to 1820 it detects A Vundo Trojan in wextract.

After a succesful removal and a new scan it is still there.

This was not present in 1819. False?

I just a removed a lots a trojans with this excellent tool (I didnt know I had them and I though I was an experienced user who doesnt get "stuff" in my computer) so Im a bit angious right now to get my machine totally clean.

Great program. Finds more than Spyware doctor

(Swedish log file - sorry for that)

Malwarebytes' Anti-Malware 1.34

Databasversion: 1820

Windows 5.1.2600 Service Pack 3

2009-03-05 10:53:35

mbam-log-2009-03-05 (10-53-35).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 65168

F

Link to post
Share on other sites

Developer log:

Infekterade filer:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully. [5253514247403034173621171717182334393639392422172539391822352118181717171822373

61917251717363636363636363636362535393922222535383625182437173635181717171717172

4

22181725202437181717172422173425202437182139382422172120203617383518253939242218

2

13939242218173939242217363939242217253939202234173621171717183939182235361818171

7

171822373619]

Link to post
Share on other sites

I have exactly the same

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

05/03/2009 10:05:17

mbam-log-2009-03-05 (10-05-03).txt

Scan type: Quick Scan

Objects scanned: 104289

Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken. [5253514247403034173621171717182334393639392422172539391822352118181717171822373

61917251717363636363636363636362535393922222535383625182437173635181717171717172

4

22181725202437181717172422173425202437182139382422172120203617383518253939242218

2

13939242218173939242217363939242217253939202234173621171717183939182235361818171

7

171822373619]

Link to post
Share on other sites

Had the same as reported in

this thread

I created this new thread since it looks like the old wextract problem was solved over a week ago and this new issue is started from 1820.

But lets the admins decide what to do.

Hope to get any feedback soon.

But since there are at least 3 people reporting this in the last 30 minutes and think it is false.

Link to post
Share on other sites

I got something similar to that as well. 3 instances of wextract.exe appeared when I performed a full scan. So now I'm just sitting here with the results page open wondering if it's safe to remove them.

Files Infected:

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.

I am getting tired would it make a difference if I were to remove them?

Sorry if this is the wrong place to post.

Link to post
Share on other sites

I got something similar to that as well. 3 instances of wextract.exe appeared when I performed a full scan. So now I'm just sitting here with the results page open wondering if it's safe to remove them.

Files Infected:

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.

I am getting tired would it make a difference if I were to remove them?

Sorry if this is the wrong place to post.

I removed mine (in service32\) and it says successfully removed. After a new smart scan It is still there.

Dont know if the remove does anything in the case

Link to post
Share on other sites

I removed mine (in service32\) and it says successfully removed. After a new smart scan It is still there.

Dont know if the remove does anything in the case

Hmm alrighty then.

I'm just afraid if I were to shutdown and go to sleep that it'll damage my computer or if I were to delete them and it ends up as a false positive that it'll damage my computer.

I'm not to experienced in false positives so any clarification is appreciated. ^^;

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.