
F/P Not sure.


Idontknowme


After doing some research on "KB913800.exe" it does seem like a real threat, but the VirusTotal scan contradicts that.

http://www.virustotal.com/analisis/fdc4e74...e995c-124351137

Here's my Dev log:

Malwarebytes' Anti-Malware 1.37

Database version: 2252

Windows 5.1.2600 Service Pack 3

6/9/2009 1:41:15 AM

mbam-log-2009-06-09 (01-41-06).txt

Scan type: Quick Scan

Objects scanned: 96425

Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\kb913800.exe (Trojan.Banker) -> No action taken. [3857535134303627615642473748565261766726182025171715708970]


I don't know why the file scanned in that was named "50e27ee500ce60bc5a62004932f21700513b6e3c.exe"... that's the link I got when I click on Permalink.

But this new one should do it... http://www.virustotal.com/analisis/fdc4e74...995c-1244534473

I'm real sorry about this.


I also would like to know if this is a false positive. Below is my log:

Malwarebytes' Anti-Malware 1.37

Database version: 2252

Windows 5.1.2600 Service Pack 3

6/8/2009 10:00:50 PM

mbam-log-2009-06-08 (22-00-41).txt

Scan type: Quick Scan

Objects scanned: 96772

Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\kb913800.exe (Trojan.Banker) -> No action taken.

This is the second Trojan.Banker that MBAM has flagged on my computer. The first one, HKEY_CURRENT_USER\SOFTWARE\Microsfot\Internet Explorer\International\W2KLpk (Trojan.Banker), was on Saturday. I had MBAM quarantine and delete it and then later restored it after I learned it was a false positive. So, this time I decided to ask first before I take any further action.

Thank you.


You zipped your scan LOG, I need the FILE we detected.

Sorry about that.

Before I came on again, I did a scan with the latest definition 2256 and it showed no infection.

I'm clueless about the file that you needed. Are there instructions on how to do this for any future infection that shows up on my scan?

Thank you.

Hopefully next time I can do it right.

Blue452

Inexperienced user


You zipped your scan LOG, I need the FILE we detected.

See also my response on Post #8. I couldn't figure out how to do a double quote.

I'm attaching the file you requested. I think I did it right. My friend told me what to do. I went into c:\windows and found the file; copied it and zipped it. Hope this is what you wanted. Even though I said in Post #8 that database 2256 did not show an infection, will you please still check this file out that database 2252 flagged out as an infection?

Thank you.

kb913800.zip



See also my response on Post #8. I couldn't figure out how to do a double quote.

I'm attaching the file you requested. I think I did it right. My friend told me what to do. I went into c:\windows and found the file; copied it and zipped it. Hope this is what you wanted. Even though I said in Post #8 that database 2256 did not show an infection, will you please still check this file out that database 2252 flagged out as an infection?

Thank you.

Hey Blue452, I'm real sorry to cause you to go through all that even though I was the one who posted this. I left on a trip a few hours after I posted that log... then completely forgot about this. Anyways, good job ;) That false positive is now fixed.
