tmc_pat Posted October 20, 2014 ID:893156 Share Posted October 20, 2014 This morning, MEE quarantined 100 threats from different clients related to the Fujitsu Scan Snap program, labeling them as "Spyware.Zbot.VXGen". It's the same four .exe's on each client. I restored the four .exe's on one client and ran a scan, attached is the zip file. Nothing new was installed recently, the only difference is the new definitions. ------------------------------------------ Malwarebytes Anti-Malware (MEE) 1.75.0.1300www.malwarebytes.org Database version: v2014.10.20.04 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Desksupport :: UCT258652PARK [administrator] Protection: Enabled 10/20/2014 10:35:37 AMMBAM-log-2014-10-20 (14-30-11).txt Scan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 943563Time elapsed: 41 minute(s), 50 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 4C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLaunDone.exe (Spyware.Zbot.VXGen) -> No action taken. [9064c4525725b581c200c1fc6b96a35d]C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardRegClear.exe (Spyware.Zbot.VXGen) -> No action taken. [6d871df94e2e0b2bdbe7beff639e9c64]C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardRegRunOff.exe (Spyware.Zbot.VXGen) -> No action taken. [5f955cba43397fb70cb6615c33ce11ef]C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardRegRunOn.exe (Spyware.Zbot.VXGen) -> No action taken. [b63e0214e795d4623191605d8c7557a9] (end) CardLaunDone.zip Link to post Share on other sites More sharing options...
Staff shadowwar Posted October 20, 2014 Staff ID:893228 Share Posted October 20, 2014 This was fixed early this morning and should no longer be detected if you update. The files you attached arent currently detected on my end. Link to post Share on other sites More sharing options...
tmc_pat Posted October 21, 2014 Author ID:893547 Share Posted October 21, 2014 Thank you, Shadowwar. Link to post Share on other sites More sharing options...
Staff shadowwar Posted October 21, 2014 Staff ID:893705 Share Posted October 21, 2014 Anytime! They were added to the filter servers to prevent them from being hit in future. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now