Trojan.Backdoor.MRX FP?

Got a bunch of flags of Trojan.Backdoor.MRX. I saw another post reporting similar results so I'm thinking this is probably a false positive.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.15.04

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16484

toph :: 13T0 [administrator]

2/15/2013 3:45:23 AM

MBAM-log-2013-02-15 (03-53-13).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 378176

Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Battlelog Web Plugins (Trojan.Backdoor.MRX) -> No action taken. [3709aded8ae13303198fc847b9480000]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ESN Sonar-0.70.4 (Trojan.Backdoor.MRX) -> No action taken. [94ace6b47cef68ceb3f5fe11a45df709]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Afterburner (Trojan.Backdoor.MRX) -> No action taken. [3a06c3d75c0fc373307867a891701be5]

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe (Trojan.Backdoor.MRX) -> No action taken. [3709aded8ae13303198fc847b9480000]

C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe (Trojan.Backdoor.MRX) -> No action taken. [94ace6b47cef68ceb3f5fe11a45df709]

C:\Users\toph\AppData\Local\Temp\sonarinst.exe (Trojan.Backdoor.MRX) -> No action taken. [87b91e7c076470c6bfe938d7be43fc04]

E:\MSIAfterburnerSetup231.exe (Trojan.Backdoor.MRX) -> No action taken. [e95724761a5151e5b3f551be4cb5d52b]

E:\Backup\Desktop\Universal-USB-Installer-1.8.6.9.exe (Trojan.Backdoor.MRX) -> No action taken. [c57bdac0373430064c5c46c922dfb34d]

E:\Program Files (x86)\MSI Afterburner\Uninstall.exe (Trojan.Backdoor.MRX) -> No action taken. [3a06c3d75c0fc373307867a891701be5]

(end)

FlaggedFiles.zip

I'm getting the same thing too, and judging by other posts it looks to be a fault in the latest database update.

2013/02/15 01:18:13 -0700 BOOBLLA-LT Booblla MESSAGE Starting protection

2013/02/15 01:18:13 -0700 BOOBLLA-LT Booblla MESSAGE Protection started successfully

2013/02/15 01:18:13 -0700 BOOBLLA-LT Booblla MESSAGE Starting IP protection

2013/02/15 01:18:20 -0700 BOOBLLA-LT Booblla MESSAGE IP Protection started successfully

2013/02/15 01:23:08 -0700 BOOBLLA-LT Booblla MESSAGE Executing scheduled update: Daily

2013/02/15 01:23:18 -0700 BOOBLLA-LT Booblla MESSAGE Starting database refresh

2013/02/15 01:23:18 -0700 BOOBLLA-LT Booblla MESSAGE Stopping IP protection

2013/02/15 01:23:18 -0700 BOOBLLA-LT Booblla MESSAGE Scheduled update executed successfully: database updated from version v2013.02.14.03 to version v2013.02.15.04

2013/02/15 01:23:18 -0700 BOOBLLA-LT Booblla MESSAGE IP Protection stopped successfully

2013/02/15 01:23:21 -0700 BOOBLLA-LT Booblla MESSAGE Database refreshed successfully

2013/02/15 01:23:21 -0700 BOOBLLA-LT Booblla MESSAGE Starting IP protection

2013/02/15 01:23:25 -0700 BOOBLLA-LT Booblla MESSAGE IP Protection started successfully

2013/02/15 01:24:49 -0700 BOOBLLA-LT Booblla DETECTION C:\Users\Booblla\Downloads\HandBrake-0.9.8-x86_64-Win_GUI.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:24:54 -0700 BOOBLLA-LT Booblla DETECTION c:\users\booblla\downloads\handbrake-0.9.8-x86_64-win_gui.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:24:54 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:25:18 -0700 BOOBLLA-LT Booblla DETECTION C:\ProgramData\NVIDIA\Updatus\Packages\0000251f\updatus.14784178_RUNASUSER.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:24 -0700 BOOBLLA-LT Booblla DETECTION c:\users\booblla\downloads\handbrake-0.9.8-x86_64-win_gui.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:24 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:25:29 -0700 BOOBLLA-LT Booblla DETECTION c:\programdata\nvidia\updatus\packages\0000251f\updatus.14784178_runasuser.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:29 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:25:38 -0700 BOOBLLA-LT Booblla DETECTION c:\programdata\nvidia\updatus\packages\0000251f\updatus.14784178_runasuser.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:38 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:25:42 -0700 BOOBLLA-LT Booblla DETECTION C:\Users\Booblla\Downloads\JustCloud_Setup.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:46 -0700 BOOBLLA-LT Booblla DETECTION c:\users\booblla\downloads\handbrake-0.9.8-x86_64-win_gui.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:47 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:25:54 -0700 BOOBLLA-LT Booblla DETECTION c:\users\booblla\downloads\justcloud_setup.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:54 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:25:56 -0700 BOOBLLA-LT Booblla DETECTION c:\programdata\nvidia\updatus\packages\0000251f\updatus.14784178_runasuser.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:25:56 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 01:55:30 -0700 BOOBLLA-LT Booblla DETECTION c:\programdata\nvidia\updatus\packages\0000251f\updatus.14784178_runasuser.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 01:55:30 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 02:05:46 -0700 BOOBLLA-LT Booblla DETECTION c:\programdata\nvidia\updatus\packages\0000251f\updatus.14784178_runasuser.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 02:05:46 -0700 BOOBLLA-LT Booblla ERROR Quarantine failed: SDKQuarantine failed with error code 2

2013/02/15 02:07:53 -0700 BOOBLLA-LT Booblla DETECTION C:\Program Files\PC-Doctor\Setup_nltd.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 02:07:53 -0700 BOOBLLA-LT Booblla DETECTION C:\Program Files\PC-Doctor\uninst.exe Trojan.Backdoor.MRX QUARANTINE

2013/02/15 02:08:29 -0700 BOOBLLA-LT Booblla DETECTION C:\Program Files (x86)\Kobo\Uninstall.exe Trojan.Backdoor.MRX QUARANTINE

Or is it? Just updated and got 2 detections, as when I updated yesterday and ran with no hits.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.15.04

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16484

Tuomas :: BLACKHEXATOWER [administrator]

15.2.2013 11:05:23

MBAM-log-2013-02-15 (11-07-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216775

Time elapsed: 1 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\optimizer_chrome (Trojan.Backdoor.MRX) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\ProgramData\IDM\bin\chrome_uninstaller_admin.exe (Trojan.Backdoor.MRX) -> No action taken.

(end)

File attached. The thing that worries me, is that Google gives zero hits with that .exe name. The registry key however points to the Widevine plugin used by HBO Nordic for streaming, at least according to some Google results of which there are only 4....

file.zip

The registry does in fact tell me that supposedly that uninstaller, and registry, are for "Widevine Media Optimizer Chrome 6.0.0".....

I'm seeing the same thing, a lot of Trojan.Backdoor.MRX items found today with MBAM Pro.

I got an MBAM popup alert for this, and then ran scans and many more were found.

My current DB version is V2013.02.15.04.

Hopefully this is a false positive, as I haven't taken any action yet to remove anything.

Thanks,

David

Same trojan. 1st one quarantined: C:\ProgramData\NVIDIA\Updateus\Packages\00000175b\drsupdate_RUNASUSER.exe

Did a scan and found another one: C:\Windows\Installer\SandboxieInstall64.exe (ignored it)

I suppose (hope) these are false positives.

Thank you.

I just uploaded a file to Virustotal and Malwarebytes reported the same Trojan.Backdoor.MRX finding.

No other scanner flagged the file.

I uploaded an older CCleaner install file (ccsetup323.exe) that I downloaded on 10/10/2012 and was never detected as malware until today.

Hi everyone and malware teams,

I got this problem too, and I hope to upload my results for information.

My scan results with Spybot and Avast were clear, and I also uploaded 6 suspicious files to virustotal.com.

Here are the links to the results at Virustotal.com:

https://www.virustotal.com/zh-tw/file/42bd491bb424857f539f815e0d7557942750b645b5aa5239bc613523a562fb04/analysis/1360920653/

https://www.virustotal.com/zh-tw/file/b23940c40b998a0159054d033c494a48a5827e1b60cf6566244d44db3e808607/analysis/1360920123/

https://www.virustotal.com/zh-tw/file/523e506e324da02a28f2588cee6f336ea69590a08651809b4231e1beb5eedba1/analysis/1360920259/

https://www.virustotal.com/zh-tw/file/41f9120add9baa5645d68a294842785277a0e48882ebdd8dbbb69586d03c631a/analysis/1360919992/

https://www.virustotal.com/zh-tw/file/f1528907776a5cc1b970811388c8a19d53d6a2010bc7e1b602364a0c2c95a6c0/analysis/1360920881/

https://www.virustotal.com/zh-tw/file/ed875572945ef8f3670a9486fb2825602a043e0c4e2ac566c3b780c6534adaeb/analysis/1360921754/

And the Malwarebytes result:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Version: v2013.02.15.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The KMPlayer (Trojan.Backdoor.MRX)

F:\Software\The KM player\The KMPlayer 2.9.4.1437\kmp.exe (Trojan.Backdoor.MRX) ->

C:\Program Files\The KMPlayer\uninstall.exe (Trojan.Backdoor.MRX) ->

D:\DL\EQ\EQ_setup.exe (Trojan.Backdoor.MRX) ->

F:\Software\ATI\10.6\10-6_xp32-64_hydravision.exe (Trojan.Backdoor.MRX) ->

F:\Software\PhotoScape\PhotoScape 3.5\PhotoScapeSetup_V3.5.exe (Trojan.Backdoor.MRX) ->

F:\Software\UMPlayer\0.9.8\UMPlayerSetup.exe (Trojan.Backdoor.MRX) ->

Thanks

I've had the same issues this morning on 3 PCs, files esp. uninstallers with the same 'Trojan.Backdoor.MRX' flag. It's unlikely for all the PCs to suddenly have developed the same problems so pretty sure it's a massive FP, disabled Mbam for now until it's sorted, did give me a fright though :-)

I'm in the same boat. This is the second time in recent memory that MWB is returning (what I believe are) false positives. I'm not at all tech-savvy, so I'm never sure whether to restore--or panic. Anyone have any tips for how to determine whether a threat is true or false?

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 913021504

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/15/2013 4:37:01 AM

mbam-log-2013-02-15 (04-37-01).txt

Scan type: Full scan (C:\|)

Objects scanned: 333249

Time elapsed: 36 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Move Networks Player - IE (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\all users\application data\Logitech\LWS\privacyshades\lws_privacyshade_uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\documents and settings\Susan\application data\move networks\movemediaplayer_071303000006.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\documents and settings\Susan\application data\move networks\ie_bin\Uninst.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\documents and settings\Susan\Desktop\ccsetup317(2).exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\documents and settings\Susan\Desktop\ccsetup317.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\documents and settings\Susan\Desktop\Programs\movemediaplayer_071101000055.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\old system\Desktop\movemediaplayer_07076007.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\CCleaner\uninst.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\common files\LogiShrd\driverstore\lws_uninstaller.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\common files\LogiShrd\installer\{d40eb009-0499-459c-a8af-c9c110766215}\uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\common files\LogiShrd\sharedbin\lws_uninstaller.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\common files\LWS\modeldata\lws_model_uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\Logitech\LWS\GetMore\lws_getmore_uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

c:\program files\Logitech\LWS\Help\lws_help_uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

We are aware of this and will have it resolved ASAP. My apologies for any inconvenience.

@Susanpl

The fact that so many different uninstallers on others' & my PCs, some of which have been on one of my PCs for years, have suddenly become Trojans is beyond all probability! I've restored all mine & exited the background guard - I assume Mbam will sort this quickly when daylight reaches the USA as it's still early morning here in the UK - I really wouldn't worry.

Edit: I've just contacted a friend who runs an IT dept & all the PCs (50+) have the same problem - He was well upset :-)

Glad to hear this is a FP problem - was freaking out, especially as there had been the big Steam update downloaded earlier. Glad I checked the forums before clicking the nuke button! I have to admit I was suspicious when I saw CCleaner's installer flagged, which had been on my computer for months and never a blip...

Anyway, here's the log from my scan, in case it helps y'all sort things out.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.15.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

SPM :: SPM-HP [administrator]

2/15/2013 4:31:13 AM

mbam-log-2013-02-15 (05-18-56).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 435987

Time elapsed: 41 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kobo (Trojan.Backdoor.MRX) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 8

C:\Program Files\CCleaner\uninst.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\Program Files (x86)\Kobo\Uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\swsetup\APP\Multimedia\Hulu\Hulu\0.9.13\Hulu\src\hd-setup-0.9.13-HKCU.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\swsetup\APP\Multimedia\Hulu\Hulu\0.9.13\Hulu\src\hd-setup-0.9.13-HP.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\Users\Chas\AppData\Local\Temp\~nsu.tmp\Au_.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\Users\SophieMae\AppData\Local\HuluDesktop\Uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\Users\SophieMae\AppData\Local\HuluDesktop\instances\0.9.13.1\hd-eula.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\Users\SPM\Downloads\ccsetup322_slim.exe (Trojan.Backdoor.MRX) -> No action taken.

(end)

This is not a false positive I think....

I tried deleting the file but cannot, used File Assassin then, failed. Tried all options, even reboot and delete, but failed.

Something is not right about this file.

Malwarebytes detects it as trojan.backdoor.mrx.

A normal file would not be un-deletable! :ph34r:

C:\Program Files\7-Zip\Uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

C:\Program Files\BearShare Applications\MediaBar\uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

C:\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

C:\Program Files\Exact Audio Copy\uninst.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

C:\Program Files\Graboid\uninst.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

C:\Program Files\ImgBurn\uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

C:\Program Files\PowerISO\uninstall.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

F:\Combat Arms\HShield\AhnRpt.exe (Trojan.Backdoor.MRX) -> Quarantined and deleted successfully.

:angry:

false positives

Or is it? Just updated and got 2 detections, as when I updated yesterday and ran with no hits.

File attached. The thing that worries me, is that Google gives zero hits with that .exe name. The registry key however points to the Widevine plugin used by HBO Nordic for streaming, at least according to some Google results of which there are only 4....

This should have been fixed already. Please update your database :)

Just updated DB, removed my 2 found objects from ignore list, and ran again. This time nothing found. :) Fixed for me.

Thanks for the very quick response!

Yesterday's scan was fine, this morning's scan went berserk on programs I know have to be clean. Praying for false positives - I just had this entire thing rebuilt and had to have the hard drive recovered professionally from a virus that chewed up my data from a crazy virus that not even the tech guy understood. Please tell me this is a false positive. :(

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.15.04

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Protection: Enabled

2/15/2013 6:00:11 AM

MBAM-log-2013-02-15 (08-03-57).txt

Scan type: Full scan (C:\|D:\|G:\|H:\|J:\|K:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 500398

Time elapsed: 1 hour(s), 14 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client (Trojan.Backdoor.MRX) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 15

C:\Program Files\TeamSpeak 3 Client\createfileassoc.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\Program Files\TeamSpeak 3 Client\Uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\ProgramData\NVIDIA\Updatus\Packages\0000175b\drsupdate.14225440_RUNASUSER.exe (Trojan.Backdoor.MRX) -> No action taken.

C:\ProgramData\NVIDIA\Updatus\Packages\000021cd\drsupdate.14607810_RUNASUSER.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Steam\SteamApps\common\Doom 2\base\uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Steam\SteamApps\common\Dragon Age Ultimate Edition\redist\DAOU_UpdateAddinsXML_Steam.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Steam\SteamApps\common\Dragon Age Ultimate Edition\redist\DAUServiceSetup_Steam.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Steam\SteamApps\common\Final Doom\base\uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Steam\SteamApps\common\Master Levels of Doom\uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Steam\SteamApps\common\Ultimate Doom\base\uninstall.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Users\LisaMarie\Documents\Dreamscapes\MMORPGs\WoW Addons\TeamSpeak3-Client-win32-3.0.9.2.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Users\LisaMarie\Documents\Dreamscapes\PROCESSED DOWNLOADS\Game Apps\TeamSpeak3-Client-win32-3.0.9.2.exe (Trojan.Backdoor.MRX) -> No action taken.

D:\Users\LisaMarie\Downloads\cbsidlm-tr1_10a-The_Matrix_Screen_Saver-SEO-10067722.exe (Trojan.Backdoor.MRX) -> No action taken.

H:\Video Games\Steam\SteamApps\common\Dragon Age Ultimate Edition\redist\DAOU_UpdateAddinsXML_Steam.exe (Trojan.Backdoor.MRX) -> No action taken.

H:\Video Games\Steam\SteamApps\common\Dragon Age Ultimate Edition\redist\DAUServiceSetup_Steam.exe (Trojan.Backdoor.MRX) -> No action taken.
