Trojan.Vundo False Positive


edge

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 2

3/5/2009 10:59:02 AM

mbam-log-2009-03-05 (10-58-33).txt

Scan type: Quick Scan

Objects scanned: 68231

Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

Link to post
Share on other sites

hello

i'm getting this one also

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

3/5/2009 9:43:35 AM

mbam-log-2009-03-05 (09-43-26).txt

Scan type: Quick Scan

Objects scanned: 63892

Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\ERUpdateHidden.EXE (Trojan.Vundo) -> No action taken.

VirSCAN.org Scanned Report :

Scanned time : 2009/03/05 09:48:30 (PST)

Scanner results: All Scanners reported not find malware!

File Name : ERUpdateHidden.EXE

File Size : 1168896 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 4bfa1831bdc58b5e7f077892e8b694e6

SHA1 : 11647d69ce7fd25bad69d2089739a3c76eeabcc9

Online report : http://virscan.org/report/bd592ff72e69e295...5be92f6d55.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.0.0.32 20090305045332 2009-03-05 3.48 -

AhnLab V3 2009.03.05.03 2009.03.05 2009-03-05 1.55 -

AntiVir 7.9.0.100 7.1.2.127 2009-03-05 1.86 -

Antiy 2.0.18 20090305.2210017 2009-03-05 0.12 -

Authentium 5.1.1 200903041747 2009-03-04 1.46 -

AVAST! 3.0.1 090305-0 2009-03-05 0.04 -

AVG 7.5.52.442 270.11.8/1985 2009-03-05 2.37 -

BitDefender 7.81008.2743764 7.23981 2009-03-05 3.74 -

CA (VET) 9.0.0.143 31.6.6382 2009-03-05 8.01 -

ClamAV 0.94.2 9073 2009-03-05 1.40 -

Comodo 3.8 986 2009-03-05 0.46 -

CP Secure 1.1.0.715 2009.03.05 2009-03-05 7.95 -

Dr.Web 4.44.0.9170 2009.03.05 2009-03-05 4.95 -

F-Prot 4.4.4.56 20090304 2009-03-04 2.00 -

F-Secure 5.51.6100 2009.03.05.06 2009-03-05 0.56 -

Fortinet 2.81-3.117 10.120 2009-03-05 0.89 -

GData 19.3654/19.249 20090305 2009-03-05 6.95 -

ViRobot 20090305 2009.03.05 2009-03-05 0.41 -

Ikarus T3.1.01.45 2009.03.05.72386 2009-03-05 5.75 -

JiangMin 11.0.706 2009.03.05 2009-03-05 1.72 -

Kaspersky 5.5.10 2009.03.05 2009-03-05 0.50 -

KingSoft 2009.2.5.15 2009.3.5.21 2009-03-05 0.68 -

McAfee 5.3.00 5543 2009-03-04 2.86 -

Microsoft 1.4405 2009.03.05 2009-03-05 5.91 -

mks_vir 2.01 2009.03.05 2009-03-05 3.12 -

Norman 6.00.06 6.00.00 2009-03-05 8.01 -

Panda 9.05.01 2009.03.04 2009-03-04 1.87 -

Trend Micro 8.700-1004 5.882.03 2009-03-05 0.05 -

Quick Heal 10.00 2009.03.05 2009-03-05 1.14 -

Rising 20.0 21.19.32.00 2009-03-05 1.25 -

Sophos 2.84.1 4.39 2009-03-05 2.51 -

Sunbelt 5022 5022 2009-03-04 0.59 -

Symantec 1.3.0.24 20090304.017 2009-03-04 0.08 -

nProtect 20090305.02 3243337 2009-03-05 5.52 -

The Hacker 6.3.2.7 v00272 2009-03-04 0.52 -

VBA32 3.12.10.1 20090304.1443 2009-03-04 8.06 -

VirusBuster 4.5.11.10 10.101.35/966288 2009-03-05 2.62 -

thanks

B)

Link to post
Share on other sites

I rescanned with def update Database version: 1821 and the system came up clean.

When I first detected this on the previous def, the only action MBAM gave was removal. Does this put the file in quarantine or delete it? If it deletes, how do I quarantine first?

Thanks

Link to post
Share on other sites

hi is this a Fp?

Files Infected:

C:\ACER\Preload\Autorun\APP\WinDVD\ISSetupPrerequisites\{F13C828A-9EAE-4992-AFF2-F21E388A1DFC}\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\OEM\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Link to post
Share on other sites

I rescanned with def update Database version: 1821 and the system came up clean.

When I first detected this on the previous def, the only action MBAM gave was removal. Does this put the file in quarantine or delete it? If it deletes, how do I quarantine first?

Thanks

It puts the file in quarantine. Just restore it from there.

Link to post
Share on other sites

hi is this a Fp?

Files Infected:

C:\ACER\Preload\Autorun\APP\WinDVD\ISSetupPrerequisites\{F13C828A-9EAE-4992-AFF2-F21E388A1DFC}\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\OEM\vcredist_x86.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Most likely a fp due to a bad def on my part. Please update your database and scan again. Please restore the file from quarantine.

Thanks and sorry for any problems this has caused you.

Link to post
Share on other sites

Most likely a fp due to a bad def on my part. Please update your database and scan again. Please restore the file from quarantine.

Thanks and sorry for any problems this has caused you.

I restored those files from quarantine, updated the Malwarebytes def, and ran a full system scan, and the problem is fixed. Thanks.

Link to post
Share on other sites
