Jump to content
Sign in to follow this  
mini

Backdoor.bot not sure if false positive

Recommended Posts

I am not sure if this is a false positive. Its the first time this has come up. Not sure what to do as it says its a windows programme. This is the log from the first normal scan>>>>

Malwarebytes' Anti-Malware 1.41

Database version: 2941

Windows 5.1.2600 Service Pack 3

11/10/2009 12:42:00

mbam-log-2009-10-11 (12-41-56).txt

Scan type: Full Scan (C:\|)

Objects scanned: 171928

Time elapsed: 46 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

This is from the scan in developer mode>>>>>

Malwarebytes' Anti-Malware 1.41

Database version: 2941

Windows 5.1.2600 Service Pack 3

11/10/2009 13:40:02

mbam-log-2009-10-11 (13-39-50)developer.txt

Scan type: Full Scan (C:\|)

Objects scanned: 172506

Time elapsed: 46 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. [4054423730356668766980808315358085130192182618192466691914202621671424177122146

8232217146726242523246766661871249413014739]

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken. [4054423730356668766980808315358085130192212621702368706814242125201466217070141

7262025142526222218266625216768249413014739]

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. [4054423730356668766980808315358085130192182618192466691914202621671424177122146

8232217146726242523246766661871249413014739]

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken. [4054423730356668766980808315358085130192212621702368706814242125201466217070141

7262025142526222218266625216768249413014739]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Any help is much appreciated, thank you.

Share this post


Link to post
Share on other sites

You had a Zbot infection that some other tool did not completely clean up in the past , these are leftover traces .

Share this post


Link to post
Share on other sites

I did a scan earlier and nothing was found, then a few hours later I get this. So is this ok to delete.

Share this post


Link to post
Share on other sites

Well I deleted now, so see what happens, just gona run another can to be on safe side.

Share this post


Link to post
Share on other sites

sorry my impatience got the best of me. I have sucesfuly deleted it now. For future I will keep a log from both (Mbam and Hijack)..

Thanks for help

Share this post


Link to post
Share on other sites

If those traces come back we have a problem , if they don't then zbot was already dead .

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.