Malware1, posted March 10, 2014, ID:801425
Unfortunately I can't post a developer log, the files along with a normal log are attached.
Attachment: fp.zip
shadowwar (Staff), posted March 10, 2014, ID:801462
Need more information and a log as I can't duplicate here. All 3 files show up undetected. This doesn't seem to be a normal log that is attached?
Malware1 (Author), posted March 11, 2014, ID:801870
This is probably a log from MBAM 2.0. I submitted this on behalf of another user, I'll ask him.
Malware1 (Author), posted March 13, 2014, ID:802688
Here you go:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2014
Scan Time: 12:22:45 AM
Logfile: MBLOG.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.12.11
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: [you don't need my username]

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 205359
Time Elapsed: 12 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.0Access, C:\Windows\System64, , [7ffe07d7502adb5b75c2f60ccc34b34d],

Files: 3
Trojan.0Access, C:\Windows\System64\msvcp100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Trojan.0Access, C:\Windows\System64\msvcr100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Trojan.0Access, C:\Windows\System64\vcomp100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],

Physical Sectors: 0
(No malicious items detected)

(end)
shadowwar (Staff), posted March 13, 2014, ID:802845
Can you have them shut off rootkit scanning and rescan to see if the detection goes away?
shadowwar (Staff), posted March 13, 2014, ID:802849
Plus these are definitely ZeroAccess paths:
https://www.google.com/search?q=+C%3A\Windows\System64\msvcp100.d&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb#channel=sb&q=%22C%3A\Windows\System64\msvcp100.dll%22&rls=org.mozilla:en-US:official
The files may be legit but they shouldn't be located there. They are basically misused legit detections. I would have to say this is a correct detection.
Malware1 (Author), posted March 15, 2014, ID:803356
Here's the reply:
Nothing detected when rootkit is off.
If the path is used by legit application I think the detection should be removed.
shadowwar (Staff), posted March 15, 2014, ID:803399
These are legit Microsoft files that are used by ZeroAccess from that location. So the detection is correct in this case. The rootkit module is picking this up because it's ZeroAccess related. Look at the Google search I provided. These files would only be detected from this location. There should never be a System64 folder in a stock install of Windows. The correct folder for 64-bit Windows would be SysWOW64.
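
Added example, not part of the thread and not Malwarebytes code: the location-based reasoning in the post above, applied to the detection lines of the scan log posted earlier. The STOCK_WINDOWS_DIRS baseline and the function names are assumptions made for illustration.

```python
import difflib
import re
from pathlib import PureWindowsPath

# Assumption: a reduced baseline of folder names directly under C:\Windows.
STOCK_WINDOWS_DIRS = {"system", "system32", "syswow64", "winsxs"}

# Detection lines copied from the scan log posted in this thread.
SAMPLE_LOG = r"""Folders: 1
Trojan.0Access, C:\Windows\System64, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Files: 3
Trojan.0Access, C:\Windows\System64\msvcp100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Trojan.0Access, C:\Windows\System64\msvcr100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
Trojan.0Access, C:\Windows\System64\vcomp100.dll, , [7ffe07d7502adb5b75c2f60ccc34b34d],
"""

# Item lines look like "<threat name>, <drive path>, ...".
ITEM = re.compile(r"^(?P<name>[^,]+),\s*(?P<path>[A-Za-z]:\\[^,]+),")

def parse_detections(log_text):
    """Return (threat_name, PureWindowsPath) for every item line in the log."""
    items = []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if m:
            path = PureWindowsPath(m.group("path").strip())
            items.append((m.group("name").strip(), path))
    return items

def off_baseline_folders(log_text):
    """Group detections by first-level Windows subfolder missing from the baseline."""
    findings = {}
    for name, path in parse_detections(log_text):
        parts = path.parts  # ('C:\\', 'Windows', 'System64', ...)
        if len(parts) < 3 or parts[1].lower() != "windows":
            continue
        folder = parts[2]
        if folder.lower() in STOCK_WINDOWS_DIRS:  # Windows paths are case-insensitive
            continue
        close = difflib.get_close_matches(
            folder.lower(), sorted(STOCK_WINDOWS_DIRS), n=1, cutoff=0.6)
        entry = findings.setdefault(
            folder, {"resembles": close[0] if close else None,
                     "threats": set(), "paths": []})
        entry["threats"].add(name)
        entry["paths"].append(str(path))
    return findings

if __name__ == "__main__":
    for folder, info in off_baseline_folders(SAMPLE_LOG).items():
        print(folder, "resembles", info["resembles"], "-", len(info["paths"]), "items")
```

The same DLL names under a baseline folder produce no finding, which matches the statement that these files are flagged only from this location.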
Malware1 (Author), posted March 15, 2014, ID:803472
You're probably right, I'll tell him to remove the files.
eNdi, posted March 16, 2014, ID:803843
I've had a similar problem. These files appeared after I installed the latest Paint.net beta. This is probably an installation bug.
shadowwar (Staff), posted March 16, 2014, ID:803876
Do you have a link to the download so we can try to dupe this?
eNdi, posted March 16, 2014, ID:803904
http://www.dotpdn.com/downloads/pdn.html
shadowwar (Staff), posted March 17, 2014, ID:804233
Hmm, installing that above I can't seem to duplicate it. Do you have your MBAM log showing these detections?
eNdi, posted March 17, 2014, ID:804394
My Paint.net installation screencast: http://www.youtube.com/watch?v=pgPB5vWzBe0