leofelix

[Backdoor.Celofot] Possible F.P

I scanned about 20 mins ago, was there a more recent update Nosirrah?

Post your defs version and I can tell you for sure.

I just got this as well. It must be a false positive, because I just installed Windows 7 64-bit yesterday, it's fully updated, I'm running Spyware Doctor with AV 2010 and I really haven't done much on the internet. I'll be really surprised if this is for real.

Can't post the defs as I do not know what to do with the screen asking me what to do with this item. I had scanned just 5 mins before I made the post on here, if that helps.

Just did the update and got a clean scan.

My blood pressure is returning to normal. Thanks for the quick response!

I registered just to post a reply here.

About 20 mins ago I installed MBAM for the first time and after a Quick Scan it showed the following, which has been linked earlier in the thread:

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> No action taken.

Version was

Malwarebytes' Anti-Malware 1.44

Database version: 3896

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

After a little googling and checking the forum I found this thread and updated again as advised. After the update it can no longer find anything, even with a Full Scan.

P.S.

What should I do regarding the registry key? Is it something that should be there or should I just delete it anyways?

So it was a FP?

How then do I restore it? The only options I can see are to ignore it or to delete it :unsure:

Same problem, however I have literally just reformatted my hard disks and reinstalled Windows... plus unplugged my internet until all my security software was installed... have only used the internet to update Windows 7 64-bit and update my trusty security software!

Hello,

Here is my quick scan after update. All clear, thanks.

Malwarebytes' Anti-Malware 1.44

Database version: 3897

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/21/2010 5:46:56 PM

mbam-log-2010-03-21 (17-46-56).txt

Scan type: Quick Scan

Objects scanned: 115430

Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

How then do I restore it? The only options I can see are to ignore it or to delete it

Best I can tell this was a display-only FP. Unless someone can confirm something actually got deleted, this should be completely resolved at this point.

Best I can tell this was a display-only FP. Unless someone else can confirm something actually got deleted, this should be completely resolved at this point.

The registry key itself is actually there when checking with Regedit, although that could be because I restored it from Quarantine after it was found.

So how do I restore it then?

Do I click ignore or untick the box?

I have never restored an FP before, sorry.

The registry key itself is actually there when checking with Regedit, although that could be because I restored it from Quarantine after it was found.

I am almost certain that both deleting and restoring here would do absolutely nothing, as the detection did not exist to begin with; thus nothing was deleted and in turn there was also nothing to restore.

BTW, this was actually more of a bug than a FP. The bug made MBAM "see" something that was not there; it did not actually detect something legit as malware.

All is well!

Malwarebytes' Anti-Malware 1.44

Database version: 3897

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

22/03/2010 11:00:24 AM

mbam-log-2010-03-22 (11-00-24).txt

Scan type: Quick Scan

Objects scanned: 121698

Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I have the same problem too... Glad I found this topic, I was getting nervous about it. This is what mine said:

Malwarebytes' Anti-Malware 1.44

Database version: 3896

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/21/2010 7:01:46 PM

mbam-log-2010-03-21 (19-00-46).txt

Scan type: Quick Scan

Objects scanned: 104976

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Database version: 3896 <- you are one back, update and confirm that this is fixed please.

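The check made in the reply above (read the database version off the log, then treat the protect_ie hit as the known false report when the definitions predate the update) can be scripted for a pile of submitted logs. This is an added example, not part of the thread or of Malwarebytes' tooling: the sample log is constructed from the layout posted above, and `parse_log`, `triage` and the 3897 cut-off (taken from the posters' reports) are assumptions of this example.

```python
import re

# Assumption taken from this thread: the protect_ie / Backdoor.Celofot entry
# showed up with database 3896 and was gone after updating to 3897.
FIXED_IN_DB = 3897
KNOWN_FP = "Backdoor.Celofot"

# Constructed sample, trimmed from the log layout posted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3896
Scan type: Quick Scan
Registry Values Infected: 1
Files Infected: 0

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> No action taken.

Files Infected:
(No malicious items detected)
"""

# "<object> (<detection name>) -> <action>."
DETECTION = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_log(text):
    """Return (database_version, detections) from an MBAM text log."""
    m = re.search(r"^Database version:\s*(\d+)", text, re.MULTILINE)
    db = int(m.group(1)) if m else None
    hits, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):   # detail header; summary lines end in a count
            section = line[:-1]
            continue
        d = DETECTION.match(line)
        if section and d:
            hits.append({"section": section, **d.groupdict()})
    return db, hits

def triage(text):
    """Label each detection: stale-definitions false report, or investigate."""
    db, hits = parse_log(text)
    out = []
    for h in hits:
        stale = db is not None and db < FIXED_IN_DB
        verdict = "update definitions and rescan" if h["name"] == KNOWN_FP and stale else "investigate"
        out.append((h["name"], h["object"], verdict))
    return out
```

A hit with the same name on database 3897 or later is labelled "investigate", since the thread only reports the spurious entry on the older definitions.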

Hi there!

I've been keeping my eye on this thread since I also got this Backdoor.Celofot entry in my Malwarebytes scan on my new PC.

But thanks to the update to database 3897 this has been solved.

Thanks for that, now I can sleep well :unsure:

I tried to ignore it but it disappeared and I had to close MBAM down. Looking in the logs, there was none generated for this either!

I updated and scanned and it found nothing! Now I can go to sleep, it's 1.20am here. That will teach me to scan before bedtime :unsure:

Wow, thanks so much... I so much appreciate all the help. Thanks Malwarebytes, y'all rock...

Guest SFdude

Yes, thanks Nosirrah and Forum members,

for the quick reaction, symptoms and resolution.

MBAM rocks! :unsure:

SFdude
