Daily Posted November 12, 2017 Author ID:1181959 Share Posted November 12, 2017 The URLs are further up in the discussion. Link to post Share on other sites More sharing options...
Daily Posted November 12, 2017 Author ID:1181960 Share Posted November 12, 2017 Thank you! Link to post Share on other sites More sharing options...
floridakeyslover Posted November 12, 2017 ID:1181962 Share Posted November 12, 2017 After reinstalling I am now getting Backdoor.Bots in the same files as you. I am going to run that FARBAR program https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ . I think these are false positives like aura said. This is just to weird. I personally think it is something in the recent updates that is causing these problems. Link to post Share on other sites More sharing options...
Daily Posted November 12, 2017 Author ID:1181965 Share Posted November 12, 2017 Not sure. The postbuild.exe files are just sitting there in my Scanresults folder and Malwarebytes isn't picking them up. Link to post Share on other sites More sharing options...
Daily Posted November 12, 2017 Author ID:1181981 Share Posted November 12, 2017 (edited) Malwarebytes just picked up 1 of the 2 Backdoor.bot files. So I'll have to reboot the system in about 10 minutes. Also, both postbuild.exe files have disappeared from the SCANRESULTS folder. There are now duplicates of some files in MBAMservice for some reason(have not rebooted system yet). Edited November 12, 2017 by Daily Discovery Link to post Share on other sites More sharing options...
floridakeyslover Posted November 12, 2017 ID:1181989 Share Posted November 12, 2017 Hi Daily. I removed the new MB from my computer again and I had a copy of MB 3.1.2 install so I installed that version on my computer. I ran a scan and I had no problems what so ever after 388,733 files scanned. I think what we are getting are false positives and there is a bug in this new version. Link to post Share on other sites More sharing options...
Daily Posted November 12, 2017 Author ID:1181990 Share Posted November 12, 2017 (edited) Perhaps. I'll wait and see what the staff have to say about the problem. My paranoia is huge lol. Thanks for keeping me up to date Floridakeyslover. Edited November 12, 2017 by Daily Link to post Share on other sites More sharing options...
floridakeyslover Posted November 12, 2017 ID:1181992 Share Posted November 12, 2017 LOL so is mine my friend but just in case this is for you http://filehippo.com/download_malwarebytes_3/75806/ I feel a little better now after running that scan with no problems. I will update to the new version if I hear it is false positives. Let me know if you hear anything first and I will do the same. Link to post Share on other sites More sharing options...
Daily Posted November 12, 2017 Author ID:1181993 Share Posted November 12, 2017 Yes for sure! Thanks for going through this with me haha. Link to post Share on other sites More sharing options...
floridakeyslover Posted November 12, 2017 ID:1181995 Share Posted November 12, 2017 No problem my friend. Going to eat dinner now. Have a great night Daily. Link to post Share on other sites More sharing options...
Daily Posted November 12, 2017 Author ID:1182001 Share Posted November 12, 2017 I have just rebooted the system. No sign of postbuild.exe in SCANRESULTS folder. Her'es the scan log -Log Details- Scan Date: 11/12/17 Scan Time: 2:51 PM Log File: 039adea8-c7fc-11e7-b4c8-08606e8b88da.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3238 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: VirgilYau-PC\Virgil Yau -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 386939 Threats Detected: 6 Threats Quarantined: 6 Time Elapsed: 44 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 6 Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-U.MBAM, Delete-on-Reboot, [48], [456339],1.0.3238 PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [4976], [454808],1.0.3238 PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [4976], [454808],1.0.3238 PUP.Optional.ASK, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [527], [454829],1.0.3238 PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [4976], [454808],1.0.3238 PUP.Optional.Conduit, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [579], [454835],1.0.3238 Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Daily Posted November 13, 2017 Author ID:1182003 Share Posted November 13, 2017 The postbuild files are back. Link to post Share on other sites More sharing options...
Aura Posted November 13, 2017 ID:1182010 Share Posted November 13, 2017 Just to let you know guys that someone from the Research Team is going to take a look at this tomorrow (on Monday) when they get to work. For now, please sit tight. Thank you! Link to post Share on other sites More sharing options...
Daily Posted November 13, 2017 Author ID:1182013 Share Posted November 13, 2017 Thanks for the help Aura! Link to post Share on other sites More sharing options...
Staff shadowwar Posted November 14, 2017 Staff ID:1182650 Share Posted November 14, 2017 These were false positives on the backdoor.bot detections. This is fixed in recent databases since yesterday. Link to post Share on other sites More sharing options...
Daily Posted November 14, 2017 Author ID:1182680 Share Posted November 14, 2017 Thanks for the help! Link to post Share on other sites More sharing options...
Aura Posted November 14, 2017 ID:1182714 Share Posted November 14, 2017 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts