Chrome.exe Backdoor.Bot (also delegate_execute.exe and updater.exe)


Hey there,

I think this is a false positive because mbam suddenly quarantined pretty much my whole Chrome folder and blocked everything as "Backdoor.Bot".

See Images + logs:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06.01.2015
Scan Time: 18:32:15
Logfile: log2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.06.07
Rootkit Database: v2015.01.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Sneida

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 179
Time Elapsed: 0 min, 16 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Backdoor.Bot, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DELEGATE_EXECUTE.EXE, , [ef406a8a5732da5c3733b451a35fb44c],
Backdoor.Bot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DELEGATE_EXECUTE.EXE, , [ef406a8a5732da5c3733b451a35fb44c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\old_chrome.exe, , [a28d19dba2e79d99135726df956dcd33],
Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe, , [ef406a8a5732da5c3733b451a35fb44c],

Physical Sectors: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 06.01.2015 12:32:14, SYSTEM, MR_SNEIDA______, Scheduler, Failed, Unable to access update server,
Update, 06.01.2015 13:10:06, SYSTEM, MR_SNEIDA______, Scheduler, Malware Database, 2015.1.5.13, 2015.1.6.3,
Protection, 06.01.2015 13:10:06, SYSTEM, MR_SNEIDA______, Protection, Refresh, Starting,
Protection, 06.01.2015 13:10:06, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Stopping,
Protection, 06.01.2015 13:10:07, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Stopped,
Protection, 06.01.2015 13:10:12, SYSTEM, MR_SNEIDA______, Protection, Refresh, Success,
Protection, 06.01.2015 13:10:12, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Starting,
Protection, 06.01.2015 13:10:12, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Started,
Update, 06.01.2015 15:34:11, SYSTEM, MR_SNEIDA______, Scheduler, Malware Database, 2015.1.6.3, 2015.1.6.4,
Protection, 06.01.2015 15:34:11, SYSTEM, MR_SNEIDA______, Protection, Refresh, Starting,
Protection, 06.01.2015 15:34:11, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Stopping,
Protection, 06.01.2015 15:34:11, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Stopped,
Protection, 06.01.2015 15:34:16, SYSTEM, MR_SNEIDA______, Protection, Refresh, Success,
Protection, 06.01.2015 15:34:16, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Starting,
Protection, 06.01.2015 15:34:16, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Started,
Update, 06.01.2015 18:13:32, SYSTEM, MR_SNEIDA______, Scheduler, Rootkit Database, 2014.12.30.1, 2015.1.6.1,
Update, 06.01.2015 18:13:37, SYSTEM, MR_SNEIDA______, Scheduler, Malware Database, 2015.1.6.4, 2015.1.6.7,
Protection, 06.01.2015 18:13:37, SYSTEM, MR_SNEIDA______, Protection, Refresh, Starting,
Protection, 06.01.2015 18:13:37, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Stopping,
Protection, 06.01.2015 18:13:38, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Stopped,
Protection, 06.01.2015 18:13:46, SYSTEM, MR_SNEIDA______, Protection, Refresh, Success,
Protection, 06.01.2015 18:13:46, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Starting,
Protection, 06.01.2015 18:13:46, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Started,
Detection, 06.01.2015 18:13:47, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:15:20, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:15:27, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:15:30, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:15:40, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:15:45, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Protection, 06.01.2015 18:16:51, SYSTEM, MR_SNEIDA______, Protection, Malware Protection, Starting,
Protection, 06.01.2015 18:16:51, SYSTEM, MR_SNEIDA______, Protection, Malware Protection, Started,
Protection, 06.01.2015 18:16:52, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Starting,
Protection, 06.01.2015 18:16:52, SYSTEM, MR_SNEIDA______, Protection, Malicious Website Protection, Started,
Detection, 06.01.2015 18:20:03, SYSTEM, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe, Quarantine, [d35c49ab5633ce68b1b9cb3a21e11ee2]
Detection, 06.01.2015 18:25:03, SYSTEM, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine, [ca6524d099f03bfbda9064a1719128d8]

(end)

HitmanPro and ESET didn't detect anything. I also did a "threat scan" with mbam and nothing else was found on the system?

Thanks

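As an added example (not code from the thread or from Malwarebytes), a small Python parser for the protection-log records quoted above: it parses the "Detection" lines, groups hits by path, and flags paths under a hypothetical vendor-directory allowlist as false-positive candidates to be verified (publisher signature, vendor hash) before anything is restored from quarantine. The sample lines are copied from the log in the post; the REVIEW_DIRS allowlist and the function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Protection-log lines copied from the thread above; only "Detection" records are parsed.
SAMPLE_LOG = r"""
Update, 06.01.2015 18:13:37, SYSTEM, MR_SNEIDA______, Scheduler, Malware Database, 2015.1.6.4, 2015.1.6.7,
Detection, 06.01.2015 18:13:47, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:15:20, Sneida, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine Failed, 5, Access is denied.  , [e94664908900dd59600a29dcb9494fb1]
Detection, 06.01.2015 18:20:03, SYSTEM, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe, Quarantine, [d35c49ab5633ce68b1b9cb3a21e11ee2]
Detection, 06.01.2015 18:25:03, SYSTEM, MR_SNEIDA______, Protection, Malware Protection, File, Backdoor.Bot, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Quarantine, [ca6524d099f03bfbda9064a1719128d8]
"""

# Hypothetical allowlist for this example: directories whose binaries are normally vendor-signed.
REVIEW_DIRS = ("c:\\program files (x86)\\google\\chrome\\application\\",)


def parse_detections(text):
    """Return one dict per 'Detection' record; Update/Protection records are ignored."""
    records = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] != "Detection" or len(fields) < 11:
            continue
        # Failed quarantines carry a Win32 error code (5 = ERROR_ACCESS_DENIED) and a message.
        failed = fields[9] == "Quarantine Failed"
        records.append({
            "time": datetime.strptime(fields[1], "%d.%m.%Y %H:%M:%S"),
            "user": fields[2],      # account context the hit was raised under
            "threat": fields[7],
            "path": fields[8],
            "action": fields[9],    # "Quarantine" or "Quarantine Failed"
            "error": (int(fields[10]), fields[11]) if failed else None,
            "id": fields[-1].strip("[]"),
        })
    return records


def summarize_by_path(records):
    """Group detections by case-folded path: hit count, actions taken, users involved."""
    summary = defaultdict(lambda: {"hits": 0, "actions": set(), "users": set()})
    for r in records:
        entry = summary[r["path"].lower()]
        entry["hits"] += 1
        entry["actions"].add(r["action"])
        entry["users"].add(r["user"])
    return dict(summary)


def flag_for_review(summary):
    """Paths under REVIEW_DIRS are false-positive candidates: verify signature and hash first."""
    return sorted(p for p in summary if p.startswith(REVIEW_DIRS))
```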

  • Root Admin

Please update MBAM again and post back a new log. Those should not be detected anymore.

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


  • 4 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
