Possible false positive


MoeP

I am posting the log from today after updating the program. It came up with 1 item, which I was told may be a false positive. Below is the log file. It was run in developer mode.

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 5.1.2600 Service Pack 3

10/26/2009 8:41:41 PM

mbam-log-2009-10-26 (20-41-19).txt

Scan type: Quick Scan

Objects scanned: 103158

Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SYSTEM32\Zoomquilt II Screensaver_uninst.exe (Backdoor.Bot) -> No action taken.

MoeP


Please zip and attach a copy of Zoomquilt II Screensaver_uninst.exe. This is likely a FP caused by the way this file is built; some coders prefer packers used by malware for some strange reason. With the file I may be able to create a filter to improve this definition.


Get back to system32.

Click Tools, Folder Options, View.

Check "show hidden files and folders".

Uncheck "hide protected operating system files".

Apply the changes and look for the file; you should now find it.

You can set the hidden and system settings back after you send the file (the copy will also be hidden if you change them back first).
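The same collection step can be scripted, as an added example that is not part of the original posts: it reads the hidden/system file directly, records a hash for the report, and zips a copy with the attributes cleared. It assumes a current Windows with PowerShell 5.0 or later (for `Get-FileHash` and `Compress-Archive`); the output folder name is hypothetical.

```powershell
# Added example: collect a hidden/system file for a false-positive report
# without changing Explorer's folder options.
# $Target is the path from the scan log above; $OutDir is an assumed working folder.
$Target = 'C:\WINDOWS\SYSTEM32\Zoomquilt II Screensaver_uninst.exe'
$OutDir = Join-Path $env:USERPROFILE 'Desktop\fp-submission'

# -Force makes Get-Item return items that carry the Hidden or System attribute.
$file = Get-Item -LiteralPath $Target -Force -ErrorAction Stop

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Record attributes, size, timestamp and a SHA-256 hash so the reporter and the
# analyst can confirm they are discussing the same file.
$hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
[pscustomobject]@{
    Path       = $file.FullName
    Attributes = $file.Attributes
    Length     = $file.Length
    LastWrite  = $file.LastWriteTimeUtc
    SHA256     = $hash.Hash
} | Format-List | Out-File -FilePath (Join-Path $OutDir 'file-info.txt')

# Copy-Item preserves attributes, so the copy is hidden too. Clear them on the
# copy only; the original in system32 is left untouched.
$copy = Join-Path $OutDir $file.Name
Copy-Item -LiteralPath $file.FullName -Destination $copy
(Get-Item -LiteralPath $copy -Force).Attributes = 'Normal'

# Zip the visible copy so archive and upload tools that skip hidden items
# still pick it up.
Compress-Archive -LiteralPath $copy -DestinationPath (Join-Path $OutDir 'sample.zip') -Force
```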
