oldman960

SystemLook


Hi

SystemLook is a little utility used to find files, folders, reg keys, etc.

Download Mirror #1

Download Mirror #2

Malwarebytes' Anti-Malware 1.38

Database version: 2325

Files Infected:

c:\SystemLook.exe (Trojan.Agent) -> Not selected for removal. [3857535134303627615290848570783232323215708970]


This is a FP caused by aggressive detection in the root directory. If you wish to use root as a storage folder, please use the ignore function on this file.

Moving this file to a more typical storage location will also correct this problem.

There is a major problem with malware launching from root, and given that very few (if any) executables should be stored there, MBAM is aggressive against them.


I agree on not using the root to store things. Here are the contents of the root of my drive for files:

AUTOEXEC.BAT

boot.ini

CONFIG.SYS

IO.SYS

MSDOS.SYS

NTDETECT.COM

ntldr

pagefile.sys

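An added illustration of the point made in the replies above (it is not part of the original thread and is not Malwarebytes' detection logic): a small audit that lists launchable files sitting directly in a drive root, using the root listing posted above as the expected baseline. The extension set, function names and sample files are assumptions constructed for the example.

```python
import os
import tempfile

# Baseline: the root listing posted in this thread (lower-cased for comparison).
EXPECTED_ROOT_FILES = {"autoexec.bat", "boot.ini", "config.sys", "io.sys",
                       "msdos.sys", "ntdetect.com", "ntldr", "pagefile.sys"}
# Assumed set of launchable script extensions; adjust to local policy.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".com", ".scr", ".pif", ".vbs"}

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # locked or unreadable (e.g. pagefile.sys): cannot classify
        return False

def audit_root(root, expected=EXPECTED_ROOT_FILES):
    """Return sorted (name, reason) pairs for unexpected launchable files in root."""
    findings = []
    for entry in os.scandir(root):
        if not entry.is_file(follow_symlinks=False):
            continue  # files directly in the root only; subfolders are not walked
        if entry.name.lower() in expected:
            continue
        if is_pe(entry.path):
            findings.append((entry.name, "PE header"))
        elif os.path.splitext(entry.name)[1].lower() in SCRIPT_EXTENSIONS:
            findings.append((entry.name, "launchable extension"))
    return sorted(findings)

def demo():
    """Audit a constructed stand-in for a drive root (all sample files are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "Tools"))
        samples = {
            "boot.ini": b"[boot loader]\r\n",             # in baseline, skipped
            "SystemLook.exe": b"MZ\x90\x00",              # executable in root
            "update.dat": b"MZ\x90\x00",                  # PE content, harmless-looking name
            "run.bat": b"@echo off\r\n",                  # script in root
            os.path.join("Tools", "SystemLook.exe"): b"MZ\x90\x00",  # moved out of root
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return audit_root(root)

if __name__ == "__main__":
    print(demo())
```

The copy under `Tools` is not reported, which mirrors the advice above to keep the utility somewhere other than the root.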

Hi

Thanks for the replies. That was suggested to me as the probable cause, but we just wanted confirmation.

I was working on a log in a malware forum where the OP didn't have a desktop. Since he had to use Task Manager to run anything, c:\ was used just to make it easier for him and in case variables didn't function as expected.

Thanks again.
