Jump to content
Sign in to follow this  
JoleFindsTheRogues

Worm.Archive

Recommended Posts

fontinst.exe is being detected as Worm.Archive..

I think it's not a worm because it's used to install specific fonts in the fonts folder in system32

LOG :

Malwarebytes' Anti-Malware 1.41
Database version: 2900
Windows 6.1.7600

10/3/2009 21:49:02
mbam-log-2009-10-03 (21-49-01).txt

Scan type: Quick Scan
Objects scanned: 98753
Time elapsed: 1 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Fonts\fontinst.exe (Worm.Archive) -> No action taken. [3857535134305680837815348368737487701301065642473742510661398079858461111570
8970]

also the file has been attached

pass is

false

fontinst.rar

Share this post


Link to post
Share on other sites

Its a heuristic hit based on a few factors mostly having to do with existing in a folder where explorer cant interface with all files correctly .

It should be fixed now .

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.