Stompa Posted April 28, 2009 ID:76736

Malwarebytes has just flagged up C:\WINDOWS\jestertb.dll as being Trojan.Agent. Here's the log:

----------
Malwarebytes' Anti-Malware 1.36
Database version: 2053
Windows 5.1.2600 Service Pack 2

28/04/09 09:43:05
mbam-log-2009-04-28 (09-42-55).txt

Scan type: Quick Scan
Objects scanned: 81899
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\jestertb.dll (Trojan.Agent) -> No action taken. [3857535134303627615642473748565261757084857083856715697777]
----------

I've submitted jestertb.dll to VirusTotal, and none of the scanners report it as being suspicious. Could this be a false positive?

Thanks

miekiemoes (Staff) Posted April 28, 2009 ID:76739

Hi,

Even though none of the scanners flag it as infected, why do you suspect this file is legitimate? Can you tell me what program installed it?

A quick Google search also shows that this file means trouble.
Funny that no one reported this as a possible False positive previously since this detection is already present for a long time in the database.

Anyway, it's always a good idea to upload the file here: http://www.malwarebytes.org/forums/index.php?showforum=55

Thank you

mona7865 Posted April 28, 2009 ID:76742

I had exactly the same file flagged by my daily SAS scan this morning (for the very first time) (MBAM quick scan was clear). I intended to do some research before posting about this. I'm at the office now but, if wanted, I'll post both logs this evening when I'm at home.

Stompa (Author) Posted April 28, 2009 ID:76743

> Even though none of the scanners flag it as infected, why do you suspect this file is legitimate?

I'm basing that on the multiple scanner result.

> Can you tell me what program installed it?

Unfortunately not. If the file date is anything to go by it's been present on my PC for around 3 years.

> A quick Google search also shows that this file means trouble.
> Funny that no one reported this as a possible False positive previously since this detection is already present for a long time in the database.

Interesting. I've done a number of Malwarebytes scans in the last few weeks, and this is the first time it's been reported (which I guess makes it more suspicious).

> Anyway, it's always a good idea to upload the file here: http://www.malwarebytes.org/forums/index.php?showforum=55
> Thank you

OK, I've done so. Thanks.

Stompa (Author) Posted April 28, 2009 ID:76744

> I had exactly the same file flagged by my daily SAS scan this morning (for the very first time) (MBAM quick scan was clear). I intended to do some research before posting about this. I'm at the office now but, if wanted, I'll post both logs this evening when I'm at home.

Interesting. I've just done an SAS scan and it was clear. It didn't flag this file.

miekiemoes (Staff) Posted April 28, 2009 ID:76746

> I had exactly the same file flagged by my daily SAS scan this morning (for the very first time) (MBAM quick scan was clear). I intended to do some research before posting about this. I'm at the office now but, if wanted, I'll post both logs this evening when I'm at home.

Funny. SAS flags it too, then mbam doesn't flag it and vice versa.. Anyway, thanks for the file.

miekiemoes (Staff) Posted April 28, 2009 ID:76747

One of its strings says: "3rdeye_tb_hacking_dll", which brings me here: http://www.flashjester.com/?section=tricks_creator

Anyone of you have this installed?

According to Google, looks like many scanners have been flagging this file as well, which actually doesn't surprise me since this file doesn't have a version present - and that makes files extra suspicious.

Anyway, I'll pass it on so detection will be removed.

mona7865 Posted April 28, 2009 ID:76749

Miekiemoes, yesterday I had to install InterActual Player because my little niece wanted to see/play the bonus options on the Cinderella DVD (from Disney). When installing, I didn't get any warnings from MBAM nor Online Armor or AVG 8.5 so I considered it safe to install.

Stompa (Author) Posted April 28, 2009 ID:76750

> One of its strings says: "3rdeye_tb_hacking_dll", which brings me here: http://www.flashjester.com/?section=tricks_creator
> Anyone of you have this installed?
> According to Google, looks like many scanners have been flagging this file as well, which actually doesn't surprise me since this file doesn't have a version present - and that makes files extra suspicious.
> Anyway, I'll pass it on so detection will be removed.

Thanks for this info. I've not had flashjester installed. However, I was working on a software development project a few years ago with someone who was using Jugglor, which gets a mention here: http://www.flashjester.com/forum/showflat....4&Main=5482 and the 21504 filesize matches my file. I was running software that he had produced so I guess maybe it got installed then. This would mean that it has been on my PC for several years.

Given that you mentioned that this detection has been in the database for a long while, is there any reason why it should only have flagged the file now? I've run Malwarebytes 7 times in the last 16 days, and it didn't flag this file on any of those occasions.....

miekiemoes (Staff) Posted April 28, 2009 ID:76752

It's indeed strange Stompa, unless you had something similar as mona7865 had recently

Stompa (Author) Posted April 28, 2009 ID:76754

> It's indeed strange Stompa, unless you had something similar as mona7865 had recently

Hmmm, I'm pretty sure the file must have been there a long time. Either way, I'm now reasonably sure that it's safe to leave it. Thanks very much for your help and speedy response.

miekiemoes (Staff) Posted April 28, 2009 ID:76759

You're most welcome

mona7865 Posted April 28, 2009 ID:76795

FWIW:

Log from quick scan which I ran yesterday evening before shutting down and after installing InterActual Player:

Malwarebytes' Anti-Malware 1.37 ( = beta version three)
Database version: 2050
Windows 5.1.2600 Service Pack 3

27/04/2009 22:32:52
mbam-log-2009-04-27 (22-32-52).txt

Scan type: Quick Scan
Objects scanned: 88856
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Scan run this morning after scheduled update:

Malwarebytes' Anti-Malware 1.37
Database version: 2051
Windows 5.1.2600 Service Pack 3

28/04/2009 4:50:23
mbam-log-2009-04-28 (04-50-23).txt

Scan type: Quick Scan
Objects scanned: 88838
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Scheduled SAS scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/28/2009 at 06:06 AM

Application Version : 4.26.1000

Core Rules Database Version : 3868
Trace Rules Database Version: 1816

Scan type : Quick Scan
Total Scan Time : 00:21:36

Memory items scanned : 810
Memory threats detected : 0
Registry items scanned : 681
Registry threats detected : 0
File items scanned : 11768
File threats detected : 1

Adware.SeekSuggest
C:\WINDOWS\JESTERTB.DLL

And finally: scheduled scan after updating to database version 2053:

Malwarebytes' Anti-Malware 1.37
Database version: 2053
Windows 5.1.2600 Service Pack 3

28/04/2009 17:06:00
mbam-log-2009-04-28 (17-05-51).txt

Scan type: Quick Scan
Objects scanned: 88943
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\JESTERTB.DLL (Trojan.Agent) -> No action taken.

Since I don't find much information about this InterActual Player I would like to know whether it is safe to keep it installed (as I'm sure I'll need it again for this Cinderella DVD).

Heartfelt thanks.

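Added example, not part of any post in this thread: one way to line up several Malwarebytes logs from the same machine by database version and see between which two versions a file started being flagged. The sample text is condensed from the logs in the post above, and the function names are hypothetical.

```python
import re

# Constructed sample condensed from the MBAM logs above; function names are illustrative.
SAMPLE_LOGS = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2050
Files Infected: 0

Malwarebytes' Anti-Malware 1.37
Database version: 2051
Files Infected: 0

Malwarebytes' Anti-Malware 1.37
Database version: 2053
Files Infected: 1
Files Infected:
C:\WINDOWS\JESTERTB.DLL (Trojan.Agent) -> No action taken."""

HEADER = re.compile(r"^Malwarebytes' Anti-Malware .*$", re.M)
DB = re.compile(r"^Database version: (\d+)$", re.M)
HIT = re.compile(r"^([A-Za-z]:\\.+?) \(([^)]+)\) -> ", re.M)


def parse_scans(text):
    """Split concatenated logs into (db_version, {lowercased path: detection name})."""
    starts = [m.start() for m in HEADER.finditer(text)] + [len(text)]
    scans = []
    for begin, end in zip(starts, starts[1:]):
        chunk = text[begin:end]
        db = DB.search(chunk)
        if db is None:
            continue  # incomplete log: skip it rather than guess a version
        # Windows paths are case-insensitive, so normalise before comparing scans.
        hits = {path.lower(): name for path, name in HIT.findall(chunk)}
        scans.append((int(db.group(1)), hits))
    return sorted(scans, key=lambda s: s[0])


def detection_window(scans, path):
    """Return (last db version that scanned clean, first db version that flagged path)."""
    key, last_clean = path.lower(), None
    for db, hits in scans:
        if key in hits:
            return last_clean, db
        last_clean = db
    return last_clean, None


if __name__ == "__main__":
    print(detection_window(parse_scans(SAMPLE_LOGS), r"C:\Windows\jestertb.dll"))
```

The window only says something about the signature database if the file was already on disk, unchanged, during the scans that came back clean.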
miekiemoes (Staff) Posted April 28, 2009 ID:76825

Yes, keep it installed.

mona7865 Posted April 28, 2009 ID:76845

Thank you very much for looking into this. You've set my mind at rest.

miekiemoes (Staff) Posted April 28, 2009 ID:76847

You're most welcome

Oldviking Posted April 30, 2009 ID:77468

I had the same thing yesterday!
Only in Quick Scan; in full scan this file is clean!

miekiemoes (Staff) Posted April 30, 2009 ID:77469

> I had the same thing yesterday!

You should update Mbam, because detection for this was already removed since 2 days ago

Oldviking Posted April 30, 2009 ID:77471

> You should update Mbam

Done! Also: C:\Windows\eSellerateEngine.dll!! Also a false positive!!

Oldviking Posted April 30, 2009 ID:77473

> this was already removed since 2 days ago

Error! 1 day; I scanned yesterday at 15:00 with Quick Scan: Trojan! In full scan: no Trojan!

miekiemoes (Staff) Posted April 30, 2009 ID:77474

> Done! Also: C:\Windows\eSellerateEngine.dll!! Also a false positive!

That's fixed already as well.

Oldviking Posted April 30, 2009 ID:77476

Sorry, you are right: 2 days!

Oldviking Posted April 30, 2009 ID:77477

Can you help me please here: Click

miekiemoes (Staff) Posted April 30, 2009 ID:77479

I can't help you with your other problem. That's something for the mbam developers. But I'm sure they will read it and fix it in the next update

Oldviking Posted April 30, 2009 ID:77482

Thank you! I have this problem only on my notebook, not on my PC!

Back to the false positive files: I installed these 2 files in 2007, and my Kaspersky Security Suite scans my system every week!