Cred.dll file


nexon

Today the scan finished but there was a file cred.dll (don't know what this is), no vendor (manufacturer)...

Detected as Trojan.Amadey.E in appdata/roaming/a20732a67da3b4/cred.dll

VirusTotal says all clean...


  • Staff

Also, as a note...

It is not recommended to have 'scan for rootkits' enabled on a regular basis. It should only be enabled if you believe you have been infected with a rootkit.
Turning that option on disables some whitelisting so sometimes legit files get detected because of this.
By default, rootkit scanning is off.


  • Staff

Thank you for the link.

Indeed it is a 0 byte file.

The file was detected in an unusual location so I suspect it was a legit detection. (Amadey is a password stealer so I want to take a quick look in the folder this cred.dll was in.)
What if anything is left in this directory?
C:\USERS\MATO\APPDATA\ROAMING\A20732A67DA3B4

You'll likely have to "show hidden files/folders" to get to that folder.
Here is how if needed:
https://support.microsoft.com/en-us/windows/show-hidden-files-0320fe58-0117-fd59-6851-9b7f9840fdb2

 

[ EDIT by AdvancedSetup ]

 

Show-Hidden-Folders-Files-Extensions
https://forums.malwarebytes.com/topic/299345-show-hidden-folders-files-extensions/

 

Edited by AdvancedSetup
Updated information

  • Staff

OK thanks.

Just to put both of our minds at ease (because Amadey is a password stealer and that file location is suspect) it is probably a good idea to get a deeper analysis on your machine.

Head to this post, follow instructions there and someone will be along to check them. You can post a link from here in your new thread so your helper knows why you are there.

 

Let me know how it works out.


  • Staff

You can leave it in quarantine. (I just want to make sure there is nothing else nasty sticking around.)
If Farbar shows anything significant, they'll use it to clean up and they usually send us the quarantine from Farbar so we can add detection.


Can I ask you to attach the .quar file from the quarantine here? (zipped) (unless it is 0 bytes)
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\somebiglongnumber.quar (matching date of your scan 9/14/2024)

Thanks!
