Jump to content

Recommended Posts

These Trojan Hilotis were found today on a MBAM Pro full scan.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
User :: USER-PC [administrator]

Protection: Disabled

23/10/2013 12:40:36
MBAM-log-2013-10-23 (13-38-39).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374030
Time elapsed: 32 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.

Registry Keys Detected: 1
HKCR\CLSID\{5E048391-5B2B-4155-9E60-86E61E69A0DD} (Trojan.Hiloti) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Program Files (x86)\Philips\Philips SPC900NC PC Camera\vista32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Windows\SoftwareDistribution\Download\34f35f2e8f997a9cedcf10df736e7cf25b0ffc13 (Trojan.Hiloti) -> No action taken.
c:\windows\system32\driverstore\filerepository\camvid40.inf_amd64_neutral_a2b5f205314e5802\vista32\camext40v32.ax (Trojan.Hiloti) -> No action taken.

(end)

 

Zip File

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
User :: USER-PC [administrator]

Protection: Disabled

23/10/2013 12:40:36
MBAM-log-2013-10-23 (13-38-39).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374030
Time elapsed: 32 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.

Registry Keys Detected: 1
HKCR\CLSID\{5E048391-5B2B-4155-9E60-86E61E69A0DD} (Trojan.Hiloti) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Program Files (x86)\Philips\Philips SPC900NC PC Camera\vista32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Windows\SoftwareDistribution\Download\34f35f2e8f997a9cedcf10df736e7cf25b0ffc13 (Trojan.Hiloti) -> No action taken.
c:\windows\system32\driverstore\filerepository\camvid40.inf_amd64_neutral_a2b5f205314e5802\vista32\camext40v32.ax (Trojan.Hiloti) -> No action taken.

(end)

 

Please can you tell me if these are false positives.

 

Best regards

 

Roy

 

 

CamExt40V64.zip

Link to post
Share on other sites

  • Staff

Hi,

 

This looks like a false positive indeed, but It looks like you attached the wrong file since I cannot reproduce detection here.

Can you attach the CamExt40V32.ax instead of CamExt40V64.ax? This so we know what to fix

 

Edited to add.. Found the correct file via another source already.

This will be fixed in next database update.

 

Thanks

Edited by miekiemoes
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.