
Yoummuu


I think MBAM just got me a false positive result. After a threat scan it found that the registry \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update with data on C:\Users\wcwra\AppData\Local\Microsoft Windows|svchost.exe is a backdoor.bot. I went to the folder and it was empty, just a svchost.exe.config.

backdoor.txt


  • Staff

There was malware there at some time, represented by the svchost.exe.config.

This wasn't an FP, but something deleted the file and left the run key behind.

Svchost.exe should not be located in that folder.

Usually the fake svchost.exe files are located alongside a config file.

It's OK to let MBAM delete the run key trace.

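The checks described in the reply above, as an added read-only example that is not part of the original thread and is not Malwarebytes code: it lists the current user's Run key values and flags a target that no longer exists, a `svchost.exe` outside the Windows system directories, and a `.config` file next to such a target. The function name `Get-RunTarget` and the finding texts are assumptions made for this illustration.

```powershell
# Added example: audit HKCU Run values for the traits discussed in the thread.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Directories where a genuine svchost.exe lives (SysWOW64 holds the 32-bit copy).
$allowed = @('System32', 'SysWOW64') | ForEach-Object { Join-Path $env:SystemRoot $_ }

function Get-RunTarget {
    # Hypothetical helper: pull the executable path out of a Run command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }  # quoted path
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }  # unquoted, may contain spaces
    return ($expanded -split '\s+')[0]
}

$key = Get-Item -Path $runKey -ErrorAction Stop
foreach ($name in $key.GetValueNames()) {
    $target = Get-RunTarget -Command ([string]$key.GetValue($name))
    if ([string]::IsNullOrWhiteSpace($target)) { continue }

    $leaf     = Split-Path -Path $target -Leaf
    $parent   = Split-Path -Path $target -Parent
    $findings = @()

    # Run value whose file is gone: the leftover trace described in the reply.
    if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
        $findings += 'target file missing (orphaned run key)'
    }
    # svchost.exe anywhere other than the system directories.
    if ($leaf -ieq 'svchost.exe' -and ($allowed -notcontains $parent)) {
        $findings += 'svchost.exe outside System32'
        # A config file beside it matches the pattern the reply mentions.
        if (Test-Path -LiteralPath "$target.config" -PathType Leaf) {
            $findings += 'svchost.exe.config present beside it'
        }
    }

    [pscustomobject]@{
        Name     = $name
        Target   = $target
        Findings = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}
```

The script only reads the registry and the file system; removal of a flagged entry is left to the scanner's quarantine, as in the thread.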

Thanks for the quick answer. I asked a friend to check this folder as well and he had a svchost.exe.config as well, so I assumed this was OK. I have the registry quarantined. I am a little paranoid though, since the registry key was found 3 days ago; I realised it and quarantined it yesterday. Is there something I can further do?

Edited by Yoummuu
