Jump to content

Possible F.P - winlogon + security center

tailz

By tailz
in File Detections

 Share

Recommended Posts

tailz

tailz

Posted
Posted

Database 1882

I got the following reported issues when my autorun finished today.

Malwarebytes' Anti-Malware 1.34

Database version: 1882

Windows 5.1.2600 Service Pack 3

21/03/2009 18:05:51

mbam-log-2009-03-21 (18-05-44).txt

Scan type: Quick Scan

Objects scanned: 86304

Time elapsed: 1 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830377484666777706915527068868374859036707985708313014144385864454

83634456446343641424738615248395356345138614674688380848071856152706886837485900

1

36707985708393347985745574838684377484666777704780857471903018130117]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830377484666777706915527068868374859036707985708313014144385864454

83634456446343641424738615248395356345138614674688380848071856152706886837485900

1

367079857083933974837088667777377484666777704780857471903018130117]

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\winlogon.exe (Backdoor.Bot) -> No action taken. [3857535134303627615642473748565261887479778072807915708970]

Genuine or is there something I need to change?

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted

The top two are letting you know that certain security monitors built into windows have been disabled , in your case antivirus and firewall monitor . There are cases where both malware and legit software can disable these so if you know that they are disabled intentionally have MBAM ignore them .

The other looks like a bot , winlogon is a reserved word and should never be used by any other file than the actual winlogon file and in it home and backup locations . C:\windows is neither its home location nor a valid location to back up the file .

Link to post
Share on other sites
tailz

tailz

Posted
  • Author
Posted
The top two are letting you know that certain security monitors built into windows have been disabled , in your case antivirus and firewall monitor . There are cases where both malware and legit software can disable these so if you know that they are disabled intentionally have MBAM ignore them .

The other looks like a bot , winlogon is a reserved word and should never be used by any other file than the actual winlogon file and in it home and backup locations . C:\windows is neither its home location nor a valid location to back up the file .

So the first 2 are pretty much safe to ignore but the winlogon.exe should be deleted?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.