Backdoor.bot help me please.

[Daily]

The URLs are further up in the discussion.

[Daily]

Thank you!

[floridakeyslover]

After reinstalling I am now getting Backdoor.Bots in the same files as you. I am going to run that FARBAR program https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/  .

I think these are false positives like aura said. This is just to weird. I personally think it is something in the recent updates that is causing these problems.

 

[Daily]

Not sure. The postbuild.exe files are just sitting there in my Scanresults folder and Malwarebytes isn't picking them up.

[Daily]

Malwarebytes just picked up 1 of the 2 Backdoor.bot files. So I'll have to reboot the system in about 10 minutes. Also, both postbuild.exe files have disappeared from the SCANRESULTS folder. There are now duplicates of some files in MBAMservice for some reason(have not rebooted system yet).

Edited November 12, 2017 by Daily
Discovery

[floridakeyslover]

Hi Daily. I removed the new MB from my computer again and I had a copy of MB 3.1.2 install so I installed that version on my computer. I ran a scan and I had no problems what so ever after 388,733 files scanned. I think what we are getting are false positives and there is a bug in this new version.

[Daily]

Perhaps. I'll wait and see what the staff have to say about the problem. My paranoia is huge lol. Thanks for keeping me up to date Floridakeyslover.

Edited November 12, 2017 by Daily

[floridakeyslover]

LOL so is mine my friend but just in case this is for you http://filehippo.com/download_malwarebytes_3/75806/

I feel a little better now after running that scan with no problems. I will update to the new version if I hear it is false positives. Let me know if you hear anything first and I will do the same.

[Daily]

Yes for sure! Thanks for going through this with me haha.

[floridakeyslover]

No problem my friend. Going to eat dinner now. Have a great night Daily.

[Daily]

I have just rebooted the system. No sign of postbuild.exe in SCANRESULTS folder. Her'es the scan log

-Log Details-
Scan Date: 11/12/17
Scan Time: 2:51 PM
Log File: 039adea8-c7fc-11e7-b4c8-08606e8b88da.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3238
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VirgilYau-PC\Virgil Yau

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386939
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 44 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-U.MBAM, Delete-on-Reboot, [48], [456339],1.0.3238
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [4976], [454808],1.0.3238
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [4976], [454808],1.0.3238
PUP.Optional.ASK, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [527], [454829],1.0.3238
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [4976], [454808],1.0.3238
PUP.Optional.Conduit, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [579], [454835],1.0.3238

Physical Sector: 0
(No malicious items detected)

(end)

[Daily]

The postbuild files are back.

 

[Aura]

Just to let you know guys that someone from the Research Team is going to take a look at this tomorrow (on Monday) when they get to work.

For now, please sit tight.

Thank you!

[Daily]

Thanks for the help Aura!

[shadowwar]

These were false positives on the backdoor.bot detections. This is fixed in recent databases since yesterday.

[Daily]

Thanks for the help!

[Aura]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!