Jump to content

jestertb.dll


Stompa

Recommended Posts

Malwarebytes has just flagged up C:\WINDOWS\jestertb.dll as being Trojan.Agent.

Here's the log:

----------

Malwarebytes' Anti-Malware 1.36

Database version: 2053

Windows 5.1.2600 Service Pack 2

28/04/09 09:43:05

mbam-log-2009-04-28 (09-42-55).txt

Scan type: Quick Scan

Objects scanned: 81899

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\jestertb.dll (Trojan.Agent) -> No action taken. [3857535134303627615642473748565261757084857083856715697777]

----------

I've submitted jestertb.dll to VirusTotal, and none of the scanners report it as being suspicious. Could this be a false positive?

Thanks

Link to post
Share on other sites

  • Staff

Hi,

Even though none of the scanners flag it as infected, why do you suspect this file is legitimate? Can you tell me what program installed it?

A quick googlesearch also shows that this file means trouble.

Funny that no one reported this as a possible False positive previously since this detection is already present for a long time in the database.

Anyway, it's always a good idea to upload the file here: http://www.malwarebytes.org/forums/index.php?showforum=55

Thank you :P

Link to post
Share on other sites

I had exactly the same file flagged by my daily SAS scan this morning (for the very first time) (MBAM quick scan was clear). I intended to do some research before posting about his. I'm at the office now but, if wanted, I'll post both logs this evening when I'm at home.

Link to post
Share on other sites

Even though none of the scanners flag it as infected, why do you suspect this file is legitimate?

I'm basing that on the multiple scanner result.

Can you tell me what program installed it?

Unfortunately not. If the file date is anything to go by it's been present on my PC for around 3 years.

A quick googlesearch also shows that this file means trouble.

Funny that no one reported this as a possible False positive previously since this detection is already present for a long time in the database.

Interesting. I've done a number of malwarebytes scans in the last few weeks, and this is the first time it's been reported (which I guess makes it more suspicious).

Anyway, it's always a good idea to upload the file here: http://www.malwarebytes.org/forums/index.php?showforum=55

Thank you :P

OK, I've done so. Thanks.

Link to post
Share on other sites

I had exactly the same file flagged by my daily SAS scan this morning (for the very first time) (MBAM quick scan was clear). I intended to do some research before posting about his. I'm at the office now but, if wanted, I'll post both logs this evening when I'm at home.

Interesting. I've just done an SAS scan and it was clear. It didn't flag this file.

Link to post
Share on other sites

  • Staff
I had exactly the same file flagged by my daily SAS scan this morning (for the very first time) (MBAM quick scan was clear). I intended to do some research before posting about his. I'm at the office now but, if wanted, I'll post both logs this evening when I'm at home.
Funny. SAS flags it too, then mbam doesn't flag it and vice versa..

Anyway, thanks for the file. :P

Link to post
Share on other sites

  • Staff

One of its strings says: "3rdeye_tb_hacking_dll", which brings me here: http://www.flashjester.com/?section=tricks_creator

Anyone of you have this installed?

According to google, looks like many scanners have been flagging this file as well, which actually doesn't suprise me since this file doesn't have a version present - and that makes files extra suspicious :P

Anyway, I'll pass it on so detection will be removed.

Link to post
Share on other sites

Miekiemoes, yesterday I had to install InterActual Player because my little niece wanted to see/play the bonus options on the Cinderella DVD (from Disney). When installing, I didn't get any warnings from MBAM nor Online Armor or AVG 8.5 so I considered it save to install. :P

Link to post
Share on other sites

One of its strings says: "3rdeye_tb_hacking_dll", which brings me here: http://www.flashjester.com/?section=tricks_creator

Anyone of you have this installed?

According to google, looks like many scanners have been flagging this file as well, which actually doesn't suprise me since this file doesn't have a version present - and that makes files extra suspicious :P

Anyway, I'll pass it on so detection will be removed.

Thanks for this info. I've not had flashjester installed. However, I was working on a software development project a few years ago with someone who was using Jugglor, which gets a mention here:

http://www.flashjester.com/forum/showflat....4&Main=5482

and the 21504 filesize matches my file. I was running software that he had produced so I guess maybe it got installed then. This would mean that it has been on my PC for several years. Given that you mentioned that this detection has been in the database for a long while, is there any reason why it should only have flagged the file now? I've run Malwarebytes 7 times in the last 16 days, and it didn't flag this file on any of those occasions.....

Link to post
Share on other sites

It's indeed strange Stompa, unless you had something similar as mona7865 had recently :P

Hmmm, I'm pretty sure the file must have been there a long time. Either way, I'm now reasonably sure that it's safe to leave it. Thanks very much for your help and speedy response.

Link to post
Share on other sites

FWIW:

Log from quick scan which I ran yesterday evening before shutting down and after installing InterActual Player:

Malwarebytes' Anti-Malware 1.37 ( = beta version three)

Database version: 2050

Windows 5.1.2600 Service Pack 3

27/04/2009 22:32:52

mbam-log-2009-04-27 (22-32-52).txt

Scan type: Quick Scan

Objects scanned: 88856

Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Scan run this morning after scheduled update:

Malwarebytes' Anti-Malware 1.37

Database version: 2051

Windows 5.1.2600 Service Pack 3

28/04/2009 4:50:23

mbam-log-2009-04-28 (04-50-23).txt

Scan type: Quick Scan

Objects scanned: 88838

Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Scheduled SAS scan:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 04/28/2009 at 06:06 AM

Application Version : 4.26.1000

Core Rules Database Version : 3868

Trace Rules Database Version: 1816

Scan type : Quick Scan

Total Scan Time : 00:21:36

Memory items scanned : 810

Memory threats detected : 0

Registry items scanned : 681

Registry threats detected : 0

File items scanned : 11768

File threats detected : 1

Adware.SeekSuggest

C:\WINDOWS\JESTERTB.DLL

And finally: scheduled scan after updating to database version 2053:

Malwarebytes' Anti-Malware 1.37

Database version: 2053

Windows 5.1.2600 Service Pack 3

28/04/2009 17:06:00

mbam-log-2009-04-28 (17-05-51).txt

Scan type: Quick Scan

Objects scanned: 88943

Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\JESTERTB.DLL (Trojan.Agent) -> No action taken.

Sinde I don't find much information about this InterActual Player I would like to know whether it is safe to keep it installed (as I'm sure I'll need it again for this Cinderella DVD).

Heartfelt thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.