Here you go:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2014
Scan Time: 12:22:45 AM
Logfile: MBLOG.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.12.11
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: [you don't need my username]

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 205359
Time Elapsed: 12 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.0Access, C:\Windows\System64, , [7ffe07d7502adb5b75c2f60ccc34b34d],

Files: 3
Trojan.0Access, C:\Windows\System64\msvcp100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Trojan.0Access, C:\Windows\System64\msvcr100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Trojan.0Access, C:\Windows\System64\vcomp100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],

Physical Sectors: 0
(No malicious items detected)


(end)


  • Staff

Plus these are definitely ZeroAccess paths

 

https://www.google.com/search?q=+C%3A\Windows\System64\msvcp100.d&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb#channel=sb&q=%22C%3A\Windows\System64\msvcp100.dll%22&rls=org.mozilla:en-US:official

 

The files may be legit but they shouldn't be located there.

 

They are basically misused legit detections.

 

I would have to say this is a correct detection.


  • Staff

These are legit Microsoft files that are used by ZeroAccess from that location. So the detection is correct in this case.

 

The rootkit module is picking this up because it's ZeroAccess-related. Look at the Google search I provided.

 

 

These files would only be detected from this location.

 

There should never be a System64 folder in a stock install of Windows.

 

The correct folder for 64-bit Windows would be SysWOW64.
