
Hello, I have a problem with Malwarebytes. Yesterday I scanned my computer with it and Malwarebytes detected nothing. I scanned my computer with Malwarebytes today and it detected 27 trojan agents. I don't know whether this is an infection or a false alarm. I don't know whether I should remove these files. I attached the scan log. Can someone help?

scan.txt

  • Staff

Hi,

Can you dequarantine the items that were found, then reboot and zip and attach the following file please?

 

C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IUser8.dll

 

Thanks!

 

Edited by miekiemoes
  • Staff

You can ignore these if you want - as they won't do anything without the file anyway.

In case you need to dequarantine, you only need to dequarantine the file. :)

Can you remember having had this variant (Tzeebot) once in the past, where another antivirus removed most of it already? It's a few years old, though, and no longer seen in the wild.

Edited by miekiemoes
  • Staff

I think you should be fine - this variant has been dead for many years already. The file itself isn't infected, though, so there's nothing to worry about.

We will, however, remove detection for this file in the next database update, as it's not a malicious file. It's just curious that your log has all the characteristics of this old variant.

35 minutes ago, Xord said:

FYI:  We had a few hundred alerts of exactly this too in our environment this past day.

Notification Catalog: Client

Description:

Malware threat detected, see details below:

 


 

Total count: 27.

 

--------------------------------------------

Comment: This email was generated by Malwarebytes Management Server. Please do not reply to this message.
