
FP Trojan.Dropper in font file?


snorlax


Hello...just ran a scan and MBAM found Trojan.dropper in a file. I scanned the file with PCTOOLS Spyware Doctor and it showed no problem. Symantec AV revealed no problem when I scanned the file. Spybot S&D reported no problems in a scan.

I have pasted in the log from the /developer scan per your instructions.

I have noticed several things about finding trojans in font files or zipped font files...is this typical? Thank you.

I tried to upload the file to you but I was not allowed to do so.

Jim Williams

Malwarebytes' Anti-Malware 1.39

Database version: 2541

Windows 5.1.2600 Service Pack 3

8/1/2009 2:25:43 PM

mbam-log-2009-08-01 (14-25-23).txt

Scan type: Quick Scan

Objects scanned: 92800

Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\downloads\Sibelius Fonts for Finale.exe (Trojan.Dropper) -> No action taken.

Hi,

Any chance you could zip up and attach that file please?

I am doubtful that is a false positive because font files are not usually packaged as executables <_<

It is a zip file in exe form, I think...it would not allow me to attach the file. If I change the extension to .xyz, can I then upload it??

I'm on another computer now, but I can run upstairs and try it.


OK...here it is.

Please change the extension FROM .txt TO .exe.

Another bit of info: A loooong time ago, I executed the file and it created a folder with fonts and font annotation files.

I scanned that directory with MBAM and it came up perfectly clean.

I am also going to see if I have the file on my other machine & will scan it there as well.

Thank you for your time and help!!

Sibelius_Fonts_for_Finale.txt


This is fixed in the next update.

Good to know...I was going to say this:

*the same file is on my other computer. I scanned it using database 2538 and it found nothing.

Then I updated to database 2541 and the problem arose.

When will the next update be available?

Again, thanks to all for your efforts!! <_<

Jim W.


Archived

This topic is now archived and is closed to further replies.
