leofelix

Trojan.Downloader detected in 65 system files


Hi all.

Trojan.Downloader has been detected by MBAM in over 65 system files during a quick scan.

I'm pretty sure this is a false positive, my XP pro is clean

-----------

Malwarebytes' Anti-Malware 1.41

Versione del database: 3286

Windows 5.1.2600 Service Pack 3

03/12/2009 20.16.51

mbam-log-2009-12-03 (20-16-49).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 121226

Tempo trascorso: 4 minute(s), 18 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 65

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

(Nessun elemento malevolo rilevato)

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti: (infected files)

C:\WINDOWS\system32\append.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\olesvr.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\drwatson.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\exe2bin.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\fastopen.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\mem.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\mouse.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\nlsfunc.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\share.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\shell.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\vwipxspx.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\gdi.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\vga.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\winspool.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\olecli.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\debug.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\user.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\win87em.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\mscdexnt.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\krnl386.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\comm.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\wowdeb.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\winnls.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\winoldap.mod (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\wfwnet.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\wowexec.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\sysedit.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\system.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\edlin.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\setver.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Temp\Perflib_Perfdata_214.dat (Trojan.Downloader) -> No action taken.

C:\WINDOWS\UNBOC.EXE (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oeme.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oemg.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oemr.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oemt.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vga852.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vga857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vga866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega80737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega80857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega80869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40852.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80852.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\dos737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vgasys.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\MOUSE.DRV (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\OLECLI.DLL (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\OLESVR.DLL (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\SHELL.DLL (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\SYSTEM.DRV (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\VGA.DRV (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\WFWNET.DRV (Trojan.Downloader) -> No action taken.

----------------

SAS free found no malware

a-squared found no malware

I use ESET Smart security 4.0

Winpatrol 2010 free

Firefox plus WOT and Adblock plus

XP PRO SP 3 fully up to date

Thank you in advance


Everything was clean up until this last update. Scanning with Kaspersky showed nothing. I'm hoping this is an FP; 63 infections at once is scaring me.

Malwarebytes' Anti-Malware 1.41

Database version: 3287

Windows 5.1.2600 Service Pack 3

12/3/2009 2:29:06 PM

mbam-log-2009-12-03 (14-29-06).txt

Scan type: Quick Scan

Objects scanned: 104552

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 63

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\append.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drwatson.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\exe2bin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fastopen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shell.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vwipxspx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wfwnet.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winspool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\edlin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mouse.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nlsfunc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\win87em.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winnls.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winoldap.mod (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mscdexnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\system.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wowdeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wowexec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vga.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\olecli.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\olesvr.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comm.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\setver.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\share.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oeme.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oemg.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oemr.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oemt.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\dos737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega80737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega80857.fon (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\Fonts\ega80869.fon (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\Fonts\vgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\mouse.drv (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\olecli.dll (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\olesvr.dll (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\shell.dll (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\system.drv (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\vga.drv (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

C:\WINDOWS\system\wfwnet.drv (Trojan.Downloader) -> Quarantined and deleted successfully. [4948455830538380756679153780887977806669708301070701553851524248473039344552380

10707015253514247405230232113011717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717171717171717171717171717171717171717

1

71717171717171717171717171717171717171717171717171717171717171717171717171717171

7

17171717171717171717171717171717171717171717]

There was a DB glitch for a few minutes, let me know if this is fixed.

Hi Bruce,

fixed thank you so much :)

Regards:)


Hi

it looks strange

I got the same false positive with data base version 3286 and data base version 3287 fixed this issue, same OS


The newest DB has this fixed, please update and confirm.

We are sorry for the inconvenience.

Sorry about that, we got this pulled quick once we saw this.

no problem nosirrah,

I know you are very fast and efficient:)

Fixed

Malwarebytes' Anti-Malware 1.41

Versione del database: 3288

Windows 5.1.2600 Service Pack 3

03/12/2009 20.46.09

mbam-log-2009-12-03 (20-46-09).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 121322

Tempo trascorso: 3 minute(s), 0 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 0

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

(Nessun elemento malevolo rilevato)

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

(Nessun elemento malevolo rilevato)

--------

Regards


If anyone actually removed these, please restore from quarantine and reboot. On my system this seems to completely reverse this.

If anyone actually removed these, please restore from quarantine and reboot. On my system this seems to completely reverse this.

Thank you for your advice

I didn't delete and quarantine these files

Cheers


Wheeeeew....

This scared me to death, I had about 15 people come up to me in the office saying Malwarebytes detected 50-70 files with Trojan.Downloader.

I have updated the db and had them rerun and now everything is clean.


Log file

Malwarebytes' Anti-Malware 1.41

Database version: 3288

Windows 5.1.2600 Service Pack 3

12/3/2009 3:01:29 PM

mbam-log-2009-12-03 (15-01-29).txt

Scan type: Quick Scan

Objects scanned: 104524

Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here's my log for 3287, so not fixed yet - but I know these are false positives from the other entries in this topic.

Malwarebytes' Anti-Malware 1.41

Database version: 3287

Windows 5.1.2600 Service Pack 3

03/12/2009 20:06:19

mbam-log-2009-12-03 (20-06-16).txt

Scan type: Quick Scan

Objects scanned: 94050

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 63

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\append.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\debug.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\drwatson.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\exe2bin.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\fastopen.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\gdi.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\krnl386.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\mem.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\sysedit.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\vwipxspx.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\wfwnet.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\vga.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\comm.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\edlin.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\mouse.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\nlsfunc.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\olecli.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\olesvr.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\win87em.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\winnls.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\winoldap.mod (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\user.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\system.drv (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\shell.dll (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\winspool.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\wowdeb.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\wowexec.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\setver.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\share.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system32\mscdexnt.exe (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oeme.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oemg.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oemr.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\8514oemt.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\dos737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega40869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega80737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega80857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\ega80869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vga852.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vga857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vga866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\vgasys.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40852.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga40869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80737.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80852.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80857.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80866.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\Fonts\cga80869.fon (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\MOUSE.DRV (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\OLECLI.DLL (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\OLESVR.DLL (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\SHELL.DLL (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\SYSTEM.DRV (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\VGA.DRV (Trojan.Downloader) -> No action taken.

C:\WINDOWS\system\WFWNET.DRV (Trojan.Downloader) -> No action taken.


So uh... I had 103 instances pop up and I mistakenly deleted them and then the system asked for a system restart. Then I figured that was way too many Trojans considering how careful I (usually) am so I stumbled upon here now I'm kind of lost. I managed to find the 100 other quarantined files but I don't know where the last 3 went. I'm guessing they were deleted when the computer was restarted. Anyone shed some light on this?


Double post, don't see an edit button but I forgot to post my log as well.

Malwarebytes' Anti-Malware 1.41

Database version: 3286

Windows 5.1.2600 Service Pack 3

12/3/2009 11:30:58 AM

mbam-log-2009-12-03 (11-30-57).txt

Scan type: Full Scan (C:\|)

Objects scanned: 135383

Time elapsed: 29 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 102

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Fonts\8514oeme.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oemg.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oemr.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\8514oemt.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga80869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cga40866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\msdlg874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga852.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\cvgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\j8514fix.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\j8514oem.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\j8514sys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\jvgafix.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\jvgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ssee874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ssef874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\svgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vga932.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vgas874.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\vgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\dos737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40866.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega40869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega80737.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega80857.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Fonts\ega80869.fon (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\MOUSE.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\OLECLI.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\OLESVR.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\SHELL.DLL (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\SYSTEM.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\VGA.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system\WFWNET.DRV (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\append.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\comm.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\edlin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fastopen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drwatson.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\exe2bin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mouse.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mscdexnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nlsfunc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\olecli.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\setver.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\share.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shell.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\olesvr.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\system.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wfwnet.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\win87em.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winnls.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winoldap.mod (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winspool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wowdeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wowexec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vga.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\config\system.LOG (Trojan.Downloader) -> Delete on reboot.

C:\WINDOWS\system32\dllcache\append.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\debug.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\drwatson.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\edlin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\exe2bin.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\fastopen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\gdi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\mouse.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\mscdexnt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\nlsfunc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\olecli.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\olesvr.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\share.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\shell.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\system.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\vga.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\wfwnet.drv (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\win87em.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\winnls.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\winspool.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\wowdeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\wowexec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat (Trojan.Downloader) -> Delete on reboot.
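
A tally like the following reconciles a log's declared "Files Infected" count with the actions recorded per entry, which shows which flagged files the log does not report as quarantined. This is an added example, not part of the thread and not Malwarebytes code; `triage` and its field names are this example's own, and the sample log is a constructed excerpt that reuses lines from the log above.

```python
import ntpath
import re
from collections import Counter

# Constructed excerpt in the layout of the MBAM 1.41 logs in this thread.
# Paths and actions are copied from those logs; the declared count is
# reduced to match the five entries kept here.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3286
Scan type: Full Scan (C:\|)
Folders Infected: 0
Files Infected: 5

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Fonts\vgasys.fon (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\system.LOG (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\dllcache\krnl386.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat (Trojan.Downloader) -> Delete on reboot.
"""

# "<path> (<detection name>) -> <action>."  The greedy path group lets a path
# that itself contains parentheses still split at the last "(name) ->".
# Anything after the action's full stop on the same line is ignored.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*) \((?P<name>[^()]+)\) -> (?P<action>[^.\[]+)\."
)
# The summary line carries a number; the section heading of the same name
# does not. The Italian-locale label from the first post is accepted too.
DECLARED = re.compile(
    r"^(?:Files Infected|File infetti):[ \t]*(\d+)[ \t]*$", re.M
)


def triage(log_text):
    """Summarise the file entries of one MBAM-style log."""
    declared_match = DECLARED.search(log_text)
    declared = int(declared_match.group(1)) if declared_match else None

    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(
                (m.group("path"), m.group("name"), m.group("action").strip())
            )

    # Entries whose action is anything other than "Quarantined ..." are the
    # ones to check by hand: the log does not say a quarantine copy exists.
    not_quarantined = [
        path for path, _, action in entries
        if not action.lower().startswith("quarantined")
    ]
    return {
        "declared": declared,
        "listed": len(entries),
        "reconciled": declared == len(entries),
        "by_action": dict(Counter(action for _, _, action in entries)),
        "by_name": dict(Counter(name for _, name, _ in entries)),
        # ntpath parses Windows paths on any OS; case is folded because the
        # logs mix MOUSE.DRV-style and lower-case spellings.
        "by_dir": dict(Counter(ntpath.dirname(p).lower() for p, _, _ in entries)),
        "not_quarantined": not_quarantined,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("declared:", report["declared"], "listed:", report["listed"])
    for action, count in report["by_action"].items():
        print(f"  {count:3d}  {action}")
    print("not reported as quarantined:")
    for path in report["not_quarantined"]:
        print("  ", path)
```

Applied to the full log above, which declares 102 infected files, the same tally gives 100 entries marked "Quarantined and deleted successfully" and 2 marked "Delete on reboot".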

I also deleted the files, now when I start my PC I get "Windows has blocked a program from starting", this being Malwarebytes

Please restore the deleted files from quarantine and immediately update Malwarebytes' Anti-Malware to the latest database version 3288

Edited by leofelix


I guess my concern is whether or not the temp file and the system.log from my System32 directory were important or not. I restored everything from quarantine already.

I guess my concern is whether or not the temp file and the system.log from my System32 directory were important or not. I restored everything from quarantine already.

Hello everyone.

I have the same problem. Well, not exactly, because I didn


If you told MBAM to delete those files, go to the quarantine tab and restore them.

Either doing an update or downloading the new version will resolve this detection.

We are sorry for any inconvenience.

If you told MBAM to delete those files, go to the quarantine tab and restore them.

Either doing an update or downloading the new version will resolve this detection.

We are sorry for any inconvenience.

Thank you. I did that already. But what about those two files that will delete on reboot? Will they still delete if I download the new version? By the way: right now my modem doesn
