Jump to content

FP Trojan.Dropper in font file?


Recommended Posts

Hello...just ran a scan and MBAM found Trojan.dropper in a file. I scanned the file with PCTOOLS Spyware Doctor and it showed no problem. Symanted AV revealed no problem when I scanned the file. Spybot S&D reported no problems in a scan.

I have pasted in the log from the /developer scan per your instructions.

I have noticed several things about finding trojans in font files or zipped font files...is this typical? Thank you.

I tried to upload the file to you but I was not allowed to do so.

Jim Williams

Malwarebytes' Anti-Malware 1.39

Database version: 2541

Windows 5.1.2600 Service Pack 3

8/1/2009 2:25:43 PM

mbam-log-2009-08-01 (14-25-23).txt

Scan type: Quick Scan

Objects scanned: 92800

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688




HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688




HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [5138494534363830414438586445483634456446343641424738615248395356345138614674688




Folders Infected:

(No malicious items detected)

Files Infected:

c:\downloads\Sibelius Fonts for Finale.exe (Trojan.Dropper) -> No action taken. [5253514247405230211726231301182518383725192338242317173938211817353439382421202






Link to post
Share on other sites


Any chance you could zip up and attach that file please?

I am doubtful that is a false positive because font files are not usually packaged as executables <_<

It is a zip file in exe form, I think...it would not allow me to attach the file. If I change the extension to .xyz, can I then upload it??

I'm on another computer now, but I can run upstairs and try it.

Link to post
Share on other sites

OK...here it is.

Please change the extension FROM .txt TO .exe.

Another bit of info: A loooong time ago, I executed the file and it created a folder with fonts and font annotation files.

I scanned that directory with MBAM and it came up perfectly clean.

I am also going to see if I have the file on my other machine & will scan it there as well.

Thank you for your time and help!!



Link to post
Share on other sites

This is fixed in the next update .

Good to know...I was going to say this:

*the same file is on my other computer. I scanned it using database 2538 and it found nothing.

Then I updated to database 2541 and the problem arose.

When will the next update be available.

Again, thanks to all for your efforts!! <_<

Jim W.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.