Hello,

Why can't I remove/erase Trojan.Emotet.Trace.Generic with Malwarebytes Anti-Rootkit BETA 1.10.3.1001?!

Malwarebytes Anti-Rootkit BETA 1.10.3.1001 detects this crap, but can't remove it.

The last three reports:

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.12.01
  rootkit: v2018.08.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
XXXXXXXXXXXXXXX[administrator]

12.08.2018 09:18:32
mbar-log-2018-08-12 (09-18-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 203239
Time elapsed: 18 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [129f5579982086b00758459fa35d768a]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [129f5579982086b00758459fa35d768a]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\44627198.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


----

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.11.06
  rootkit: v2018.08.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
XXXXXXXXXXX [administrator]

11.08.2018 22:44:50
mbar-log-2018-08-11 (22-44-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 203184
Time elapsed: 18 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [ff5367671a9ec472e27bf0f429d7ad53]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [ff5367671a9ec472e27bf0f429d7ad53]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\44627198.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


----

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.11.05
  rootkit: v2018.08.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
XXXXXXXXXXX [administrator]

11.08.2018 20:07:51
mbar-log-2018-08-11 (20-07-51).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 203133
Time elapsed: 19 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [70e1745a1b9d4de9411c8f55e0208f71]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [70e1745a1b9d4de9411c8f55e0208f71]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\44627198.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


----

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.11.02
  rootkit: v2018.08.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
XXXXXXXXXX [administrator]

11.08.2018 15:22:02
mbar-log-2018-08-11 (15-22-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 203286
Time elapsed: 17 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [85c94985d2e6d85e105fa93ba65ab14f]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [85c94985d2e6d85e105fa93ba65ab14f]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\44627198.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


And so on....

???

MAM

 

 


And here is the Log too.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.12.01
  rootkit: v2018.08.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18837
XXXXXXXXXXXXXXX [administrator]

12.08.2018 11:19:33
mbar-log-2018-08-12 (11-19-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 203223
Time elapsed: 17 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [278addf1d2e6c472065928bc0ef20cf4]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\44627198|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [278addf1d2e6c472065928bc0ef20cf4]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\44627198.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 


Having the same issue here. I can't remove the Trojan.Emotet.Trace.Generic. Is this a false positive? I use Malwarebytes Anti-Rootkit 2-3 times a week, and today it suddenly found Trojan.Emotet.Trace.Generic after updating its database. Here's the log:

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.12.01
  rootkit: v2018.08.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxxxxxxxxx [administrator]

8/12/2018 2:59:54 AM
mbar-log-2018-08-12 (02-59-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 197744
Time elapsed: 21 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\21525468 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [5d54626c0aae7eb8dd82e30157a92cd4]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\21525468|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [5d54626c0aae7eb8dd82e30157a92cd4]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
E:\Windows\System32\drivers\21525468.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


We are having the same issue.

If we look in C:\Windows\System32\Drivers there is not a *******.sys file. After we run Malwarebytes Root Kit, a sys file will show up with Malwarebytes SwissArmyKnife properties. This will also show as infected in the scan result. 

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.12.02
  rootkit: v2018.08.12.02

Windows 7 Service Pack 1 x64 CSC-CACHE
Internet Explorer 11.0.9600.19080
 

8/12/2018 9:48:05 AM
mbar-log-2018-08-12 (09-48-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 243787
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\22676530 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [ecc62aa4b6022b0bf55108dc926e8779]

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\22676530|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [ecc62aa4b6022b0bf55108dc926e8779]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\22676530.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Hey all, registered just to post here lol. I've been having this too. It's really strange since I ran the tool often and then all of a sudden it began giving me positive warnings. I've formatted the computer about 5 times now (was a busy weekend... and I'm serious, I was panicking) and last night I stayed up all night going through the handful of programs that I need to reinstall after a factory reset alongside AntiRootkit... And it just kept popping up! I felt I was about to cry lol! But now I'm really feeling it has to be a false positive of some sort unless I somehow managed to get infected immediately after formatting (as in, as soon as the desktop was available I downloaded AntiRootkit and it told me I had been trojan'd...)

 

I also asked my husband to run the tool on his computer, worried I may have infected his machine, but the tool didn't pick up anything on his.

 

Here's the log I got just a few seconds ago. I think I'm gonna hold off on formatting again. Shame cos if I had seen this thread before maybe I wouldn't have lost all of my stuff due to the formatting... Oh well...

 

Fingers crossed someone may be able to shed some light on the topic!

 

 

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.08.12.04
  rootkit: v2018.08.12.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
xxxxxxx [administrator]

13-08-2018 7:51:08
mbar-log-2018-08-13 (07-51-08).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 200168
Time elapsed: 20 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\21125198 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [dada8d415e5ac4722d1b19cb2fd118e8]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\57111163 (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [c4f03797ceeaa492b69223c1d62ab050]

Registry Values Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\21125198|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [dada8d415e5ac4722d1b19cb2fd118e8]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\57111163|WOW64 (Trojan.Emotet.Trace.Generic) -> Data: 1 -> Delete on reboot. [c4f03797ceeaa492b69223c1d62ab050]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\System32\drivers\21125198.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]
C:\WINDOWS\System32\drivers\57111163.sys (Trojan.Emotet.Trace.Generic) -> Delete on reboot. [bdfa7a13cc73b180bbdf1aba280e1cf7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Edited by HadToRegister