Greg F

wextract.exe being reported as vundo


Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

3/5/2009 8:05:54 AM

mbam-log-2009-03-05 (08-05-48).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 111653

Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\drivers\ATI_8.542_Win2KXP\NET32\dotnetfx.exe (Trojan.Vundo) -> No action taken.

E:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

E:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.


Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 2

3/5/2009 9:19:53 PM

mbam-log-2009-03-05 (21-19-53).txt

Scan type: Quick Scan

Objects scanned: 18504

Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Mine is getting one too.


Confirmed as F/P.

Please add to your ignore list and/or restore from quarantine.

This should be fixed shortly in defs update.

thanks for confirming it B)

Guest

Dear Malwarebytes Forum Members,

I too registered the 'false positive' Trojan.Vundo in wextract.exe (please see developer log below).

I admit my heart stopped beating for a minute! The Vundo trojan is a proper c u n t to remove!

Will this be corrected in the next update (1821)?

Thanks for your time!

Newbi3

-------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

5/03/2009 2:44:59 PM

mbam-log-2009-03-05 (14-44-54).txt

Scan type: Quick Scan

Objects scanned: 59970

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.


Right then. B) Yeah, not a nice thing to see with my morning coffee. LOL. I am glad this forum is here and I restored the files from quarantine and that the folks at MB are on it. I did find it rather odd that AVG hadn't found anything in its daily 3 am scan and yet MB found something when I used it around 7 :) , but the OMGWTFTVUNDO had taken over for a second.


Glad I decided to find this forum before deleting all those SP3 wextract files. Close call.

