Backdoor.Agent.DCGen Firefox.exe?


SafetyNet

Looking for some insight on this. A PC I scanned came back with this virus and is pointing to the user/cookies folder for Firefox.exe. I have scanned other PCs in this organization and every one is coming up with the same results. These files do not exist on the PC. They were tagged in the heuristics scan. Is this something that is a false positive?

Thank you.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/18/2016
Scan Time: 12:51 PM
Logfile: Results.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.17.07
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: safetynet

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 696769
Time Elapsed: 16 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 11
Backdoor.Agent.DCGen, c:\users\administrator\cookies\firefox\firefox.exe, , [68e30a90d9c19c9a069925d46a988e72], 
Backdoor.Agent.DCGen, c:\users\courtney\cookies\firefox\firefox.exe, , [6ae1c5d5c9d1ca6cf8a731c8d52d0bf5], 
Backdoor.Agent.DCGen, c:\users\development\cookies\firefox\firefox.exe, , [301b8f0bb9e1d75f455ae3167b87ee12], 
Backdoor.Agent.DCGen, c:\users\elizabeth\cookies\firefox\firefox.exe, , [ba917129c2d8f73f049bb247ed15a858], 
Backdoor.Agent.DCGen, c:\users\frontdesk\cookies\firefox\firefox.exe, , [2922c6d4a0fa9d99ddc2bd3c22e0649c], 
Backdoor.Agent.DCGen, c:\users\jenny\cookies\firefox\firefox.exe, , [e764900a693193a33867fbfe0cf619e7], 
Backdoor.Agent.DCGen, c:\users\madelyn\cookies\firefox\firefox.exe, , [d2794a5011895adc534c16e3709238c8], 
Backdoor.Agent.DCGen, c:\users\neva\cookies\firefox\firefox.exe, , [9fac9efc8f0b55e1f1ae34c52dd533cd], 
Backdoor.Agent.DCGen, c:\users\safetynet\cookies\firefox\firefox.exe, , [a0ab8c0ef1a943f3a4fb3abf21e1ab55], 
Backdoor.Agent.DCGen, c:\users\snksy\cookies\firefox\firefox.exe, , [d4776436ccce1c1aadf2bb3e04fea25e], 
Backdoor.Agent.DCGen, c:\users\***\cookies\firefox\firefox.exe, , [7ad1efab8614a78feeb138c1946e41bf], 

Physical Sectors: 0
(No malicious items detected)


(end)


No out of the ordinary GPOs.  Just default domain with password policies.

Symantec.Cloud has no blocks or exclusions specified.

Edit: This folder it found is a Windows Junction Point folder that actually redirects to C:\users\user\appdata\roaming\microsoft\windows\cookies. Yes, access is denied on this folder by nature in Windows. You can get around it by taking ownership of it, but it is just a shortcut to the path mentioned above.

Even crazier is I have scanned PCs from different organizations under our management and this doesn't get flagged. I have had this flagged on Windows 7 and Server 2012 in the affected organization.


  • Staff

This is something that is unique to that environment for some reason. This def has been in quite a long time in our database. Something is denying access for our scan on that folder which causes the fp. Maybe try disabling any other security software one by one to see if the detection stops. Is this the free version of MBAM or paid?
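A triage sketch for the situation discussed in this thread, added here as an example and not part of any post or of Malwarebytes' own tooling: it parses "Files:" entries in the log format shown above, marks detections whose path passes through a per-user legacy junction such as `cookies`, and, when run on Windows, checks whether that folder carries the reparse-point attribute. The function names, the junction list and the sample lines are assumptions made for this example.

```python
import ntpath
import os
import re
import stat

# Per-user compatibility junctions Windows Vista/7 creates under C:\Users\<name>\
# (list supplied for this example; only "cookies" appears in the thread).
LEGACY_JUNCTIONS = {"application data", "cookies", "local settings", "my documents",
                    "nethood", "printhood", "recent", "sendto", "start menu", "templates"}
# One "Files:" entry: name, path, action, [id],
LINE_RE = re.compile(r"^([^,]+), (.+), ([^,]*), \[([^\]]*)\],?$")

# Constructed sample in the log's format; users and IDs are placeholders.
SAMPLE = r"""
Backdoor.Agent.DCGen, c:\users\alice\cookies\firefox\firefox.exe, , [ID-PLACEHOLDER-1],
Backdoor.Agent.DCGen, c:\users\bob\cookies\firefox\firefox.exe, , [ID-PLACEHOLDER-2],
Example.Detection, c:\users\bob\downloads\setup.exe, , [ID-PLACEHOLDER-3],
"""

def junction_component(path):
    """Return the legacy junction the path passes through, or None."""
    parts = ntpath.normpath(path).lower().split("\\")
    # Expected shape: ['c:', 'users', '<name>', '<component>', ...]
    if len(parts) > 4 and parts[1] == "users" and parts[3] in LEGACY_JUNCTIONS:
        return "\\".join(parts[:4])
    return None

def is_reparse_point(path):
    """On Windows: True/False from the file attributes; None if unavailable."""
    try:
        attrs = os.lstat(path).st_file_attributes  # field exists only on Windows
    except (OSError, AttributeError):
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def triage(log_text):
    """Parse detection lines and mark those located behind a legacy junction."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            junction = junction_component(m.group(2))
            rows.append({"name": m.group(1), "path": m.group(2), "junction": junction,
                         "reparse_point": is_reparse_point(junction) if junction else None})
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["junction"] or "(regular path)", "<-", row["path"], row["reparse_point"])
```

A row with a junction points the analyst at the junction's real target (AppData\Roaming\Microsoft\Windows\Cookies for `cookies`, as the post above notes) as the place to confirm whether the reported file exists.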

 
