RubbeR DuckY

Important one


Bruce,

I'm pretty sure these are false positives. I don't have a developer's log. Any idea how they were detected?

Malwarebytes' Anti-Malware Version 0.77
Database version: 219

Scan type: Quick Scan
Objects scanned: 59363
Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 23

Memory Processes Infected:
c:\program files\spywarebot\spywarebot.exe (Rogue.SpywareBot) -> No action taken.

Memory Modules Infected:
c:\program files\spywarebot\spycleaner.dll (Rogue.SpywareBot) -> No action taken.
c:\program files\spywarebot\tcl.dll (Rogue.SpywareBot) -> No action taken.
c:\program files\spywarebot\zlib.dll (Rogue.SpywareBot) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SpywareBot (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot (Rogue.SpywareBot) -> No action taken.

Files Infected:
C:\Program Files\SpywareBot\DataBase.ref (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\Launcher.exe (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\license.rtf (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\SpyCleaner.dll (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\SpywareBot.exe (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\SpywareBot.url (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\TCL.dll (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\unins000.dat (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\unins000.exe (Rogue.SpywareBot) -> No action taken.
C:\Program Files\SpywareBot\zlib.dll (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Log\2007 Dec 05 - 03_00_01 AM_765.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Log\2007 Dec 05 - 03_00_04 AM_718.log (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SpywareBot\Settings\ScanResults.pie (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot on the Web.lnk (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\SpywareBot.lnk (Rogue.SpywareBot) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBot\Uninstall SpywareBot.lnk (Rogue.SpywareBot) -> No action taken.
C:\WINDOWS\system32\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\I386\OPRGHDLR.SY_ (Heuristics.Malware) -> No action taken.
C:\WINDOWS\system32\winlogon.exe (Rootkit.Dropper) -> No action taken.
C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe (Rootkit.Dropper) -> No action taken.
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe (Rootkit.Dropper) -> No action taken.

Those should not be FPs from the looks of it.

The fact that winlogon.exe and taskmgr.exe are detected in multiple locations seems to indicate that these files have been replaced.

OPRGHDLR.SY_ will likely be the only one I can research without MD5s or a dev log.

There is another possibility though. If I added a def for a patched file by mistake then this could happen.
