
[Backdoor.Celofot] Possible F.P



I just got this as well. It must be a false positive, because I just installed Windows 7 64-bit yesterday, it's fully updated, I'm running Spyware Doctor with AV 2010 and I really haven't done much on the internet. I'll be really surprised if this is for real.


Can't post the defs, as I do not know what to do with the screen asking me what to do with this item. I had scanned just 5 mins before I made the post on here, if that helps.


I registered just to post a reply here.

About 20 mins ago I installed MBAM for the first time, and after a Quick Scan it showed the following, which has been linked earlier in the thread:

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> No action taken.

Version was

Malwarebytes' Anti-Malware 1.44

Database version: 3896

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

After a little googling and checking the forum I found this thread and updated again as advised. After the update it can no longer find anything, even with a Full Scan.

P.S.

What should I do regarding the registry key? Is it something that should be there, or should I just delete it anyway?


Same problem, however I have literally just reformatted my hard disks and reinstalled Windows... plus unplugged my internet until all my security software was installed... have only used the internet to update Windows 7 64-bit and update my trusty security software!


Hello,

Here is my quick scan after update. All clear, thanks.

Malwarebytes' Anti-Malware 1.44

Database version: 3897

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/21/2010 5:46:56 PM

mbam-log-2010-03-21 (17-46-56).txt

Scan type: Quick Scan

Objects scanned: 115430

Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

How then do I restore it? The only options I can see are to ignore it or to delete it.

Best I can tell, this was a display-only FP. Unless someone can confirm something actually got deleted, this should be completely resolved at this point.

Best I can tell, this was a display-only FP. Unless someone else can confirm something actually got deleted, this should be completely resolved at this point.

The registry key itself is actually there when checking with Regedit, although that could be because I restored it from Quarantine after it was found.

The registry key itself is actually there when checking with Regedit, although that could be because I restored it from Quarantine after it was found.

I am almost certain that both deleting and restoring here would do absolutely nothing, as the detection did not exist to begin with; thus nothing was deleted and in turn there was also nothing to restore.

BTW, this was actually more of a bug than a FP. The bug made MBAM "see" something that was not there; it did not actually detect something legit as malware.


All is well!

Malwarebytes' Anti-Malware 1.44

Database version: 3897

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

22/03/2010 11:00:24 AM

mbam-log-2010-03-22 (11-00-24).txt

Scan type: Quick Scan

Objects scanned: 121698

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I have the same problem too... Glad I found this topic, I was getting nervous about it. This is what mine said:

Malwarebytes' Anti-Malware 1.44

Database version: 3896

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/21/2010 7:01:46 PM

mbam-log-2010-03-21 (19-00-46).txt

Scan type: Quick Scan

Objects scanned: 104976

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi there!

I've been keeping my eye on this thread since I also got this Backdoor.Celofot entry in my Malwarebytes scan on my new PC.

But thanks to the update to database 3897 this has been solved.

Thanks for that, now I can sleep well :unsure:


I tried to ignore it but it disappeared and I had to close MBAM down. Looking in the logs, there was none generated for this either!

I updated and scanned and it found nothing! Now I can go to sleep, it's 1.20am here. That will teach me to scan before bedtime :unsure:
