Jump to content

Trojan.Zbot - Empty folder at C:\ProgramData\TWAIN_32


Recommended Posts

Hello, Malwarebytes is claiming an empty folder at C:\ProgramData\TWAIN_32 could be malicious and possibly connected with Trojan.Zbot. I already posted about this in a separate thread earlier today ( https://forums.malwarebytes.org/index.php?/topic/164230-trojanzbot-type-folder/).

 

After the quick scan (log attached) I placed the folder in quarantine and performed scans with GMER and Microsoft Malicious Software Removal Tool. Both came up clean. I removed the folder from quarantine and confirmed with a console directory listing in case it had files with hidden attributes set that wouldn't appear in Explorer that it was indeed empty.

 

I'm now performing a second, custom scan with MBAM looking for all types of threats including rootkits to which I am 40 minutes into. I will post the results in this thread once the scan concludes. Between the ongoing scan and the one I carried out earlier today the database also received an update it seems.

 

It looks to me like this could be a false positive as I can't think of a way an empty folder could be malicious to my system. Like I posted in the previous thread I had been uninstalling old programs and checking for garbage files left behind by them when I found this, so could it be left over from uninstalling a program containing a trojan horse via their provided uninstaller? If someone could alleviate my anxiety over this it would be greatly appreciated. :)

mbam_log.txt

TWAIN_32.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.