Prm753 Posted November 17, 2007 ID:10066

Logfile:

Malwarebytes' Anti-Malware Version 0.72
Database version: 200

This logfile was saved before the removal process.

Scan type: Quick Scan
Objects scanned: 16368

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\PhotoShow.scr (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Paul\explorer.wav (Heuristics.Reserved.Word.Exploit) -> No action taken.

---

explorer.wav was 0 bytes. Not sure what that's doing on my PC, but it's an FP. PhotoShow.scr is a small file that comes with the "SimpleStar" software that you get when you develop film at a drugstore like a Walgreens or a CVS.

Thanks!

nosirrah Posted November 18, 2007 ID:10079

Both are heuristic hits.

The first is to keep files from being named reserved words (common malware tactic). It is a good thing that your file got nabbed because that indicated that this heuristic method is working.

The other is a common malware name and location. It was a lack of research on the part of SimpleStar that led them to choose this name or an intentional use of a known good file name.

Could you zip and upload the second file for me (PhotoShow.scr)? I need to check to see what it has for version information.

We will be adding an extra piece to the heuristics that skips these hits if there is legit version info; that will allow me to keep this def while missing your file.

Prm753 Posted November 18, 2007 Author ID:10080

Thanks for the quick response. PhotoShow.scr uploaded.

PhotoShow.zip