MattH2580

Google Chrome nacl64.exe Backdoor.Bot (different to other post)


Here's another possible FP that popped up around 10 minutes ago for my MBAM. I was browsing imgur and gfycat prior, closed Chrome, and upon reopening I got this Backdoor.Bot warning.

 

I have blocked out the bookmark for my University's website for obvious anti-tracking reasons :) You don't know when someone will crawl the internet for my information!

 

http://i.imgur.com/GoAwj2a.png

 

Detection, 06/01/2015 17:13:45, SYSTEM, MATT-PC, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe, Quarantine

I've removed the ID because I'm unsure as to whether you should post that, but I'll happily give it to any staff who request it.


Hello, can anyone from the MBAM confirm if nacl64.exe is indeed a false positive? A Google search of the hashtag brought back no results, thanks.

 

 Detection, 1/6/2015 12:11:39 PM, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe, Quarantine, [cb64dd17cabfda5c3e2cde276c9650b0]


Also, I'd rather not attach the file to this post as I do not want to restore the file from quarantine until I know that it is safe to do so.


I saw this backdoor.bot alert pop up on Chrome.exe about an hour ago. Had to delete Chrome and reinstall just so I could browse the web again. Then about 20 minutes later during a rescan I saw this backdoor.bot alert pop up on the nacl64.exe file. Thankfully I found this thread via Google. I just noticed the databases were updated so I'm running a 3rd scan just to make sure.


Rich has already indicated a fix has been pushed.
 
Please reference: Please read before reporting a false positive
 
Post #2

If you are not a member of Staff or Experts group please do not reply to other users' posts in either the File or Web Blocking forums.

 
Thank you for understanding.


Glad it is a FP and props for fast resolution by staff, but wow, this just made a bad day worse (I thought a Cisco web conf Chrome ext. I was using when the alert popped up was compromised)... eh, que sera sera


This is a false positive. Please update database in a few mins and it should no longer be detected.

 

I just had this happen today for the first time and my portable version of Chrome has not changed in a long time. Still a false positive? Backdoor.bot in Chrome Portable nacl64.exe


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/19/2015
Scan Time: 4:54:04 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.19.14
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
 

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 380954
Time Elapsed: 1 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Backdoor.Bot, F:\Google Chrome Portable\GoogleChromePortable\App\Chrome-bin\39.0.2171.71\nacl64.exe, Quarantined, [d5758f6a573262d47b33b65754ae33cd],

Physical Sectors: 0
(No malicious items detected)

(end)


Luddy:
 
What I wrote in Post #6 is for you as well.  If you have an issue, please start your own thread.

Please reference: Please read before reporting a false positive
 
Post #2

If you are not a member of Staff or Experts group please do not reply to other users' posts in either the File or Web Blocking forums.

 
Thank you for understanding.
