Need Help With These Scan Results

[floridakeyslover]

 

Hello my name is Don and I am a new member here in the forum. I hope this is the right area to get an explanation for this problem. I have had something strange pop up in my scan this weekend concerning Virus.Xpaj in my Malwarebyes program itself. I have also seen this with Backdoor.Bot but that seems to have stopped. I am wondering if anyone else has seen this type of behavior not necessarily with these but with something else in Malwarebytes files.  This has happened several times and each time I keep quarantining them, reboot and when I rerun my scan they keep coming back. I have done a full system scan with my NS, Microsoft  Scanner (MSERT), and also XpajKiller.exe.by Kapersky with all negative results. I have even removed Malwarebytes completely from my computer and reinstalled it yet I still get the same thing at times. I have seen no problems with slowness in my computer as I keep it running free of junk. Could someone please tell me what is going on and what I should do to get rid of this. This problem seems  to have started after I upgraded to  3.3.1.2183 from 3.2.2.2018. I am concerned whether this is a real problem with this virus and backdoor bot  or whether this is a false scan result. If this is a false scan result and other people are having this type of problem then I think the Malwarebytes engineers should look into this for a possible fix to keep this from happening if these are false positives. I have attached files that I hope helps.

Edited November 12, 2017 by floridakeyslover
mispelling

[Daily]

That's exactly what's happening to me right now, but it's backdoor.bot instead of Virus.xpaj. I've probably rebooted the system about 8 times due to malwarebytes detecting the malware. I tried to find the file location, but I only found JSON files in the SCANRESULTS folder. Sometimes, the backdoor.bot files don't even show up during the scans.

[floridakeyslover]

I am beginning to think there is a bug in the new Malwarebytes. The same thing happens to me like it will be there then it will not be there when I scan. This is to strange and to be in a Malwarebytes file is even stranger.

[Daily]

Go into your SCANRESULTS folder. I found the backdoor.bot files in there like just now. Keep the folder open and wait. Open start menu and search %programdata% and you can start going through the folders. Use the scan data as a guide to find the location. Right now I'm going to upload the files to VirusTotal. 

[shadowwar]

Files from rootkit scanning are copied from somewhere on your pc to that location to be thoroughly analyzed by the rootkit module. Backdoor.Bot was a fp and is already fixed in current databases.

But interesting that yours was detected as virus.xpaj which indicates it was detected by a different rule then what the fp was.

Can you please upload the postbuild file to https://www.virustotal.com/#/home/upload and copy and paste the link here?

 

[floridakeyslover]

3 hours ago, shadowwar said:

Files from rootkit scanning are copied from somewhere on your pc to that location to be thoroughly analyzed by the rootkit module. Backdoor.Bot was a fp and is already fixed in current databases.

But interesting that yours was detected as virus.xpaj which indicates it was detected by a different rule then what the fp was.

Can you please upload the postbuild file to https://www.virustotal.com/#/home/upload and copy and paste the link here?

 

Thank you for your reply Shadowwar. Since my post above I have removed MB bytes and reinstalled it to see if that would. I just ran another scan and I am still getting the virus as above in the same POSTBUILD files but when I go to Scan Results those files are not there and a search on my computer does not show them. I do want to point out to you that I was also getting the Backdoor.Bot as well as times. I would run it again and then the virus would show up but not the Bot. I am attaching the results of the scan I just ran. I am also sending you the link to the JASON scan results https://www.virustotal.com/#/file/72b776299f8517481fc300bfd0524f8496cd4354e78086971ac9e6add7dd0b06/detection   from today and from yesterday but https://www.virustotal.com/#/file/e879e2cbb81f86945152de16fc8992f345b6a081c5b61daf17091ec51569f628/detection . I do not see any POSTBUILD files in my scan results file like I said. I do want to let you know that I am not experiencing any problems with my computer nor have I ever downloaded anything from any site that is not trusted. My Norton Security scans are not picking up anything in full scans and the Power Eraser Scans. MSERT from Microsoft is not seeing anything neither. This started happening a few days ago and it was an all of a sudden these positive scan results popped up. One scan I would pick up the Backdoor.Bot then other scan I would pick up the Virus and not the Bot. Both would keep coming back after deleting and I have stopped deleting these as I am tired of doing system restarts to no avail.  I would greatly appreciate your help in getting this resolved. I feel these are also false positives. Thank you very much.

 

 

 

a26ed682-c95b-11e7-8c93-0027135c2568.txt

f36ff95b-c846-11e7-a89f-0027135c2568.txt

Edited November 14, 2017 by floridakeyslover
addition of attachments.

[floridakeyslover]

4 hours ago, shadowwar said:

Files from rootkit scanning are copied from somewhere on your pc to that location to be thoroughly analyzed by the rootkit module. Backdoor.Bot was a fp and is already fixed in current databases.

But interesting that yours was detected as virus.xpaj which indicates it was detected by a different rule then what the fp was.

Can you please upload the postbuild file to https://www.virustotal.com/#/home/upload and copy and paste the link here?

 

 

Please take a look at the TXT. files I attached as the scan results from today contains the Postbuild info.

[shadowwar]

Thanks but I really need the files themselves. Either virustotal as instructed or zipping and attaching the postbuild.exe here 

[whatoo]

I had the same thing happen. The Virus.xpaj was identified in the same Malwarebytes file. I posted my question on the Malwarebyes 3 topic, but I didn't understand the reply because my understanding of computer tech is very basic.  I will follow this and hopefully understand better. 

[shadowwar]

This might not be a false positive if it was detected as Virus.Xpaj.

Would need the files to confirm though.

If vt reports them as Virus.Xpaj from most vendors then i recommend downloading and running this tool from Kaspersky.

http://media.kaspersky.com/utilities/VirusUtilities/EN/xpajkiller.exe

 

[floridakeyslover]

1 hour ago, shadowwar said:

This might not be a false positive if it was detected as Virus.Xpaj.

Would need the files to confirm though.

If vt reports them as Virus.Xpaj from most vendors then i recommend downloading and running this tool from Kaspersky.

http://media.kaspersky.com/utilities/VirusUtilities/EN/xpajkiller.exe

 

Shadowwar I have no Postbuild files in my Program Data folder/Malwarebytes folder/ scan result file as I showed you above in my screen shots. I sent you the links from vt on what I could run. I have run xpaj killer once already yesterday with negative results and yet the same scan results keep coming back and I just ran it again and I am attaching the results. I find it strange the the member above is also experiencing the same identical thing as I am. I do not know what else I can do and I am getting to the point of just removing Malwarebytes all together. You are requesting things that I do not have to give you and what I do have I have sent to you. When I run Malwarebytes I get no threats then I turn around and run it again I get the two xpaj threats. I delete them and restart my computer and run Malwarebytes again and get no threats then run it again and I get the xpaj. I have uninstalled Malwarebytes and reinstalled it and the same thing happens all over again. This is so inconsistent and if it were a true infection then why would it not show up on every scan and why wouldn't xpaj killer see it . This is getting so aggravating.

 

Edited November 14, 2017 by floridakeyslover
adding attachment

[shadowwar]

Yeah it does sound like a false positive. Without the file we are detecting though it limits my options on figuring out what i need to do to fix this.

can i request one more log that should show me more on what may be happening.

C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbamservice.log

If you can please attach it here it would be appreciated.

 

[floridakeyslover]

4 minutes ago, shadowwar said:

Yeah it does sound like a false positive. Without the file we are detecting though it limits my options on figuring out what i need to do to fix this.

can i request one more log that should show me more on what may be happening.

C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbamservice.log

If you can please attach it here it would be appreciated.

 

Per your request

MBAMSERVICE.LOG

[shadowwar]

As far as virustotal. i think you just submitted our logs and not the actual file detected. That is what i need the u or k file that is in our directory. These are created by us during a scan. That is why its every other scan its detecting it most likely. The mbamservice.log should tell me more about that.

C:\\PROGRAMDATA\\MALWAREBYTES\\MBAMSERVICE\\SCANRESULTS\\POSTBUILD.EXE-K.MBAM

C:\\PROGRAMDATA\\MALWAREBYTES\\MBAMSERVICE\\SCANRESULTS\\POSTBUILD.EXE-U.MBAM

 

[shadowwar]

The mbamservice.log was enough to see what was going on.

I have corrected this as it definately was a fp and should be fixed in the next database update which will be in about 30 mins from now.

MBAM3 Version: 1.0.3256

[floridakeyslover]

1 minute ago, shadowwar said:

The mbamservice.log was enough to see what was going on.

I have corrected this as it definately was a fp and should be fixed in the next database update which will be in about 30 mins from now.

MBAM3 Version: 1.0.3256

Thank you, thank you. thank you !!!!!!!!! Would you please let the gentleman above know? Again thank you.

[shadowwar]

Thank you for sticking with me and helping me figure this out. 

will do.

 

[shadowwar]

This fix is public now.

[whatoo]

Thank you to shadowwar and also big thanks to floridakeyslover for your persistence in getting to the bottom of this!

[Joey2017]

Hi shadowwar, I had the same issue since couple of days ago.  I can't seem to get rid of Virus.Xpaj.  I believe it was initially detected a backdoor.bot or something alike.

[floridakeyslover]

7 hours ago, whatoo said:

Thank you to shadowwar and also big thanks to floridakeyslover for your persistence in getting to the bottom of this!

You are very welcome.

[floridakeyslover]

5 hours ago, Joey2017 said:

Hi shadowwar, I had the same issue since couple of days ago.  I can't seem to get rid of Virus.Xpaj.  I believe it was initially detected a backdoor.bot or something alike

I thought I would let you know that shadowwar has determined that the problems you are having are false positives but to make sure your problems are the same and you are getting these threats in the same files please read the thread above. Shadowar has put a public fix out a few hours ago. I would suggest that you run Malwarebytes again and it will pick up the updates when you do. Hopefully these threats will be gone.