TeamSpeak3 ts3overlay plugin InstallHook.exe flagged as Spyware.Zbot.ED


gtaps3

It has probably been the hook and the 32/64 dll files. I'll upload them for you to check them out. Here is my log from the second time; I couldn't get the first one as I forgot, but I had these files on the log.


Files Detected: 4
C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe (Spyware.Zbot.ED) -> No action taken.
C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\ts3overlay_hook_win32.dll (Spyware.Zbot.ED) -> No action taken.
C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\ts3overlay_hook_win64.dll (Spyware.Zbot.ED) -> No action taken.
C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\ts3overlay_win32.dlll (Spyware.Zbot.ED) -> No action taken.

(end)

False Positives.zip

Ok I did a Full system scan, this time it did give the same hook file detection, but this time it added Adobe in it. The others did not show up, here is my log.


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.28.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Morningside :: PBBPAHP [administrator]
Protection: Enabled
1/28/2013 10:51:53 AM
MBAM-log-2013-01-28 (12-28-34).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 528398
Time elapsed: 1 hour(s), 35 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-1678817267-3637970206-1418593082-1001\$RTQ0R75\InstallHook.exe (Spyware.Zbot.ED) -> No action taken. [c181f286c8a32313a918b54ad32d619f]
C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Replace.exe (Spyware.Zbot.ED) -> No action taken. [2c160f695e0d77bfbb0625dacb35bd43]
(end)

It did not detect anything when I scanned the root directories of the files' location. Normally MBAM tells me that my database is updated to latest, etc. I don't look at it; I guess I should start checking and confirming it's up-to-date lol. Thank you for your help.

I would also like to confirm that installhook.exe under Teamspeak 3 was showing up as spyware.zbot.ed, it was quarantined but I restored it. I rescanned, and nothing came up. I did not save the entire log, but I do have this under my log files:

2013/01/29 00:41:47 -0500 SCHUTZE-PC Schutze DETECTION C:\Program Files (x86)\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe Spyware.Zbot.ED QUARANTINE

I have since rescanned and nothing has come up. Have the latest database updates fixed this? Thank you in advance.
