
Trojan.Vundo or False +


2bconfused


The following has occurred: (I'm using Windows XP home ed. sp2)

I installed Malwarebytes for 1st time this morning (v.1.34 database 1820).

Ran Quick Scan which showed 1 infected object. (Trojan.Vundo file):

Here's the log.....

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 2

3/5/2009 8:59:36 AM

mbam-log-2009-03-05 (08-59-35).txt

Scan type: Quick Scan

Objects scanned: 66800

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Then, after "quarantining and successfully deleting" the 1 infected item I ran a FULL scan.

This time 6 infected objects (all labeled Trojan.Vundo) were found (including the exact same file which had supposedly been quarantined/deleted!!!). Here's the log file for the 2nd scan:

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 2

3/5/2009 10:20:11 AM

mbam-log-2009-03-05 (10-20-11).txt

Scan type: Full Scan (C:\|)

Objects scanned: 108233

Time elapsed: 30 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{DF18457C-4983-418E-BFF2-95A25065CF06}\RP336\A0037420.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DF18457C-4983-418E-BFF2-95A25065CF06}\RP347\A0039617.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{DF18457C-4983-418E-BFF2-95A25065CF06}\RP347\A0039618.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

I then closed Malwarebytes and ran my Norton Antivirus (which is completely up-to-date). It found nothing - nor had it found anything when I'd last run it yesterday.

After running Norton I disabled it and ran a Full Scan using Malwarebytes yet again. And again it showed 1 infected object (Trojan.Vundo). See the log for that scan:

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 2

3/5/2009 11:43:03 AM

mbam-log-2009-03-05 (11-43-03).txt

Scan type: Full Scan (C:\|)

Objects scanned: 108294

Time elapsed: 30 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{DF18457C-4983-418E-BFF2-95A25065CF06}\RP347\A0039619.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

What is going on? Are these false positives and if so - will having deleted them adversely impact my system in any way? Please advise. By the way I never ran any of the abovementioned scans in Safe Mode...does it matter?...nor did I disable System Restore. (I've never dealt with this kind of issue and am not very "clued in" :)

I'd be very grateful for any insight into what's going on......

Infected_Objects_Found.doc



Hi and welcome to MBAM forums.

They are confirmed F/P's and have been revised as of DB 1821.

The items can be safely restored from MBAM quarantine and this will have no adverse effect on your system.

Thanks for your reply and for your kind welcome.

I updated to DB 1822, ran full scan (again!) and all is clean.

Is it best to restore the 8 deletions as you've suggested - or to just leave them in quarantine? I want to do whatever will have the least possible negative impact.

And finally...I seem to have a very hard time figuring out how to post here in the forum (that's why there's an attachment to my prior post). Hope I won't run into same problem now when I try to post this reply......


I learned today that it's best just to leave everything in quarantine (& not delete) till things are all sorted out. I stumbled onto this forum today just as MBAM told me I had those trojans everyone else got. The timing couldn't have been better. That's the kind of luck I'm not accustomed to so it threw me for a loop.

I knew I liked MBAM, but this just confirms it even more. B)


Yo! Kenny! Small world! I'm not surprised to see you here.

Mr. Burns - "Ah, YoKenny.......at last we meet!" :)

Doctor Livingstone, I presume?


Thanks so much to members "Fatdcuk" and "Tigger93" for your quick replies. I did just as you suggested and all is well.

This forum is as helpful and impressive as the software it supports. Five stars ***** all around :) ...(in spite of EIGHT! false positives the very first day I used Malwarebytes.)

I still think it's excellent.

