Trojan.Hiloti

[yogibear]

These Trojan Hilotis were found today on a MBAM Pro full scan.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
User :: USER-PC [administrator]

Protection: Disabled

23/10/2013 12:40:36
MBAM-log-2013-10-23 (13-38-39).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374030
Time elapsed: 32 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.

Registry Keys Detected: 1
HKCR\CLSID\{5E048391-5B2B-4155-9E60-86E61E69A0DD} (Trojan.Hiloti) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Program Files (x86)\Philips\Philips SPC900NC PC Camera\vista32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Windows\SoftwareDistribution\Download\34f35f2e8f997a9cedcf10df736e7cf25b0ffc13 (Trojan.Hiloti) -> No action taken.
c:\windows\system32\driverstore\filerepository\camvid40.inf_amd64_neutral_a2b5f205314e5802\vista32\camext40v32.ax (Trojan.Hiloti) -> No action taken.

(end)

 

Zip File

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
User :: USER-PC [administrator]

Protection: Disabled

23/10/2013 12:40:36
MBAM-log-2013-10-23 (13-38-39).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374030
Time elapsed: 32 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.

Registry Keys Detected: 1
HKCR\CLSID\{5E048391-5B2B-4155-9E60-86E61E69A0DD} (Trojan.Hiloti) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Program Files (x86)\Philips\Philips SPC900NC PC Camera\vista32\CamExt40V32.ax (Trojan.Hiloti) -> No action taken.
C:\Windows\SoftwareDistribution\Download\34f35f2e8f997a9cedcf10df736e7cf25b0ffc13 (Trojan.Hiloti) -> No action taken.
c:\windows\system32\driverstore\filerepository\camvid40.inf_amd64_neutral_a2b5f205314e5802\vista32\camext40v32.ax (Trojan.Hiloti) -> No action taken.

(end)

 

Please can you tell me if these are false positives.

 

Best regards

 

Roy

 

 

CamExt40V64.zip

[miekiemoes]

Hi,

 

This looks like a false positive indeed, but It looks like you attached the wrong file since I cannot reproduce detection here.

Can you attach the CamExt40V32.ax instead of CamExt40V64.ax? This so we know what to fix

 

Edited to add.. Found the correct file via another source already.

This will be fixed in next database update.

 

Thanks

Edited October 23, 2013 by miekiemoes

[yogibear]

miekiemoes

Many thanks for your prompt reply to my query yesterday.

Just to let you know that the scan is now coming up clean.

Best Regards

Roy

[miekiemoes]

Good to hear