
Malwarebytes says files have Backdoor.pcclient


Tinsby

Hello,

Using the free version of Malwarebytes I discovered that a flash and backup program from Motorola supposedly has backdoor.pcclient infection.

BUT... I sent the same files to my friend who also uses Malwarebytes and his program showed nothing!

Now who am I to believe? I sent not only the current version of the Motorola program but an earlier one; his program says the old version is fine, mine says it too is corrupt!

What's up with this?

I have the programs and can send them if needed.

Thank you,

Tinsby


Please get me a developer's log:

http://www.malwarebytes.org/forums/index.php?showtopic=3228

or a copy of the file we detect.

Bruce,

Hi and thanks... I wanted to put the file on a CF card and scan just that. Malwarebytes refuses to do that even though I don't have the C:\ drive checked.

I can't send the file; even when I zip it, it's 700KB.

I will do a full system scan again using the method you want and get you the log. I can't do it now; it will take about 40 minutes to scan the drive, and I am off to bed!

You'll have the log tomorrow. Why it won't allow a scan of just the CF card is a mystery to me.

Regards,

J Tinsby


Hello:

Here is the developer logfile from last night's scan. I am also getting a few Backdoor.PcClient possible infections on legitimate files. Also sent an e-mail and the files to Malwarebytes support.

-Mark

Malwarebytes' Anti-Malware 1.41
Database version: 2845
Windows 5.1.2600 Service Pack 3

9/23/2009 5:02:34 AM
mbam-log-2009-09-23 (05-02-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 256642
Time elapsed: 58 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avgantirootkit (Backdoor.PcClient) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe (Backdoor.PcClient) -> No action taken.
C:\downloads\DVD_Stuff\SetupImgBurn_2.1.0.0.exe (Backdoor.PcClient) -> No action taken.
C:\downloads\GRISOFT_SOFTWARE\avgarkt-setup-1.1.0.42.exe (Backdoor.PcClient) -> No action taken.
C:\System Volume Information\_restore{8B346AAB-A4D4-49FC-A957-A6006224F9B4}\RP1924\A0171303.exe (Backdoor.PcClient) -> No action taken.


With regards to the files mentioned in the previous post, ImgBurn 2.1.0 is old and is not installed, but older versions of programs are kept in the download directory. AVG Anti-Rootkit is also an older version of the program and I have not used it in the last two years. I looked at the files individually with my AV software (Norton Corporate AV) and nothing came up. A full scan revealed nothing either.

-Mark


Apologies, I tried to post this as a "New Topic" as per forum instructions but it wouldn't let me, so I am posting it here as it looks like the identical (or nearly identical) problem.

After updating with the latest definition files MBAM Free has started flagging various old AVG install / uninstall files on my computer as malware, listing them as Backdoor.PcClient.

Is this a false positive?

Scan Log:

-----------------------------------------------------------------------

Objects scanned: 156415
Time elapsed: 1 hour(s), 12 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avgantispyware75 (Backdoor.PcClient) -> Not selected for removal.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Downloaded install progs\avgas-setup-7.5.0.50.exe (Backdoor.PcClient) -> Not selected for removal.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe (Backdoor.PcClient) -> Not selected for removal.
E:\Austs stuff\Computer stuff\Misc soft updates Aug07\avgarkt-setup-1.1.0.42.exe (Backdoor.PcClient) -> Not selected for removal.

-----------------------------------------------------------------------



Bruce,

Here is the logfile you requested that shows infection by Backdoor.PcClient in my Motorola Flash and Backup program.

Tinsby

mbam_log_2009_09_23__10_52_44_.txt

Malwarebytes' Anti-Malware 1.41
Database version: 2843
Windows 5.1.2600 Service Pack 3

9/23/2009 10:52:54 AM
mbam-log-2009-09-23 (10-52-44).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 191162
Time elapsed: 37 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{2E803C02-041C-4EA2-9CEA-57951F516A9D}\RP78\A0035720.exe (Backdoor.PcClient) -> No action taken.
C:\Documents and Settings\Fred\Desktop\fb3.0.7.exe (Backdoor.PcClient) -> No action taken.
C:\Documents and Settings\Fred\Desktop\fb3install\fb3.0.6.exe (Backdoor.PcClient) -> No action taken.
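An added editor's example, not code from this thread or from Malwarebytes: a small Python parser for the Anti-Malware 1.41 log layout posted above. It pulls out each detection line, checks the summary counts against the detail lines (a quick way to spot a truncated or garbled paste), and tallies hits per detection name, so a reviewer can see at a glance when one signature name is landing on several unrelated installers, the pattern in the logs above. The sample log is constructed, uses a made-up registry path, and shortens the bracketed signature data to "[...]".

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.41 log layout posted in
# this thread; the long bracketed signature data after each entry is cut to "[...]".
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.41
Database version: 2843

Registry Keys Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Example\\avgexample (Backdoor.PcClient) -> No action taken. [...]

Files Infected:
C:\\Documents and Settings\\Fred\\Desktop\\fb3.0.7.exe (Backdoor.PcClient) -> No action taken. [...]
C:\\Program Files\\Grisoft\\Uninstall.exe (Backdoor.PcClient) -> Not selected for removal. [...]
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>[^.\[]+)\.")

def parse_mbam_log(text):
    """Return (database version, summary counts, {section: [(item, threat, action)]})."""
    db_version, summary, entries, section = None, {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Database version:"):
            db_version = int(line.split(":", 1)[1])
        elif m := SUMMARY_RE.match(line):
            summary[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):
            section = m["section"]
            entries.setdefault(section, [])
        elif section and line and not line.startswith("("):
            if m := ENTRY_RE.match(line):  # "(No malicious items detected)" is skipped above
                entries[section].append((m["item"], m["threat"], m["action"].strip()))
    return db_version, summary, entries

def count_mismatches(summary, entries):
    """Sections whose summary count disagrees with the detail lines: a truncated or garbled log."""
    return {s: (n, len(entries.get(s, []))) for s, n in summary.items() if n != len(entries.get(s, []))}

def threats_by_name(entries):
    """Hits per detection name; one name across unrelated installers is the pattern to question."""
    return Counter(threat for items in entries.values() for _, threat, _ in items)
```

Comparing the database version between two machines is the first thing to check when the same file scans differently on each, as happened in this thread.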
