
Trojan.Agent.Gen, C:\Windows\System32\msiexec.exe


leobando


I have Windows 8.1 Update 1 with a fresh installation. Every time I patched and installed new software, I ran a custom scan with Malwarebytes on the C drive, and the result was always clean.

After joining the domain I ran a custom scan again, and I am getting this attached log saying that my msiexec.exe is infected. Is this a false positive?

Thank you

 

 

 


Here is my second scan log with rootkit off. Thanks

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 8/12/2014

Scan Time: 1:43:42 PM

Logfile: log1.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.08.12.11

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: *********

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 440961

Time Elapsed: 15 min, 15 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

Registry Keys: 20

Trojan.Agent.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\msiserver, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-0012-0000-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-0016-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-0018-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-0019-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-001A-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-001B-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-001F-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-001F-040C-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-001F-0C0A-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-002C-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-006E-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-00A1-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-00BA-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-00C1-0000-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-00C1-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-00E1-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-00E2-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{90150000-0115-0409-1000-0000000FF1CE}, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AC76BA86-7AD7-1033-7B44-AB0000000001}, , [87343d880378aa8c84156dbd976c11ef],

Registry Values: 3

Trojan.Agent.Gen, HKU\S-1-5-21-2207697341-1954143933-1578512429-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|1, C:\Windows\System32\msiexec.exe /x {9813DD3F-A28E-4B98-ACDE-12A3AB1C42E4} /qn  [87343d880378aa8c84156dbd976c11ef]

Trojan.Agent.Gen, HKU\S-1-5-21-2207697341-1954143933-1578512429-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|3, C:\Windows\System32\MsiExec.exe /x {BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} /qn, , [87343d880378aa8c84156dbd976c11ef]

Trojan.Agent.Gen, HKU\S-1-5-21-2207697341-1954143933-1578512429-2791-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|2, C:\Windows\SysWOW64\msiexec.exe /x {04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E} /qn

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

 

Files: 2

Trojan.Agent.Gen, C:\Windows\System32\msiexec.exe, , [87343d880378aa8c84156dbd976c11ef],

Trojan.Agent.Gen, C:\Windows\SysWOW64\msiexec.exe, , [972442837a0161d5f2a734f649ba8e72],

 

Physical Sectors: 0

(No malicious items detected)

 

(end)
