Windows Update Notification Tool (Backdoor.IRCBot)

[Quppa]

A couple of users have reported that Malwarebytes Anti-Malware detects my Windows Update Notification Tool as being infected with 'Backdoor.IRCBot'. I can't seem to reproduce this on my system with the latest version/definitions of MBAM, but here's a log from someone else:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.15.11

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16580

*** :: *** [administrator]

2013-05-15 5:46:23 PM

mbam-log-2013-05-15 (17-46-23).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 502108

Time elapsed: 51 minute(s), 9 second(s)

Memory Processes Detected: 1

C:\Program Files\Windows Update Notification Tool\WUNotify.exe (Backdoor.IRCBot) -> 3712 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Notification Tool (Backdoor.IRCBot) -> Data: C:\Program Files\Windows Update Notification Tool\WUNotify.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files\Windows Update Notification Tool\WUNotify.exe (Backdoor.IRCBot) -> Delete on reboot.

(end)

[miekiemoes]

Hi,

This will be fixed in next database update.

[Quppa]

Good to hear. Thanks for the quick response.