Jump to content

Trojan.Zbot - Empty folder at C:\ProgramData\TWAIN_32


nss

Recommended Posts

Hello, Malwarebytes is claiming an empty folder at C:\ProgramData\TWAIN_32 could be malicious and possibly connected with Trojan.Zbot. I already posted about this in a separate thread earlier today ( https://forums.malwarebytes.org/index.php?/topic/164230-trojanzbot-type-folder/).

 

After the quick scan (log attached) I placed the folder in quarantine and performed scans with GMER and Microsoft Malicious Software Removal Tool. Both came up clean. I removed the folder from quarantine and confirmed with a console directory listing in case it had files with hidden attributes set that wouldn't appear in Explorer that it was indeed empty.

 

I'm now performing a second, custom scan with MBAM looking for all types of threats including rootkits to which I am 40 minutes into. I will post the results in this thread once the scan concludes. Between the ongoing scan and the one I carried out earlier today the database also received an update it seems.

 

It looks to me like this could be a false positive as I can't think of a way an empty folder could be malicious to my system. Like I posted in the previous thread I had been uninstalling old programs and checking for garbage files left behind by them when I found this, so could it be left over from uninstalling a program containing a trojan horse via their provided uninstaller? If someone could alleviate my anxiety over this it would be greatly appreciated. :)

mbam_log.txt

TWAIN_32.zip

Link to post
Share on other sites

Unless you have some insight as to why a folder like this exists on your system it seems that it could only be a trace from a long dead zbot infection.

 

In any event keeping or deleting this folder will have no impact on your system.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.