leofelix

[Backdoor.Celofot] Possible F.P


Hi,

I haven't visited in a while so I hope I am logging my problem in the right way. I ran MBAM (Database Version 3896) to check my system and it indicated that my computer's registry is infected with Backdoor.Celofot. I deleted it using MBAM, then turned off my computer, restarted it and then rechecked my computer with MBAM. It continued to find the malware and I have been unable to delete it no matter how many times I try. I see from some earlier posts that many members think this is a false positive. Could you tell me if this is true and what should I do? I am running Windows XP 5.1.2600 Service pack 3.

Thanks,

Moyus

Update and scan again, it has been resolved.

There was a bug that made MBAM see something that was not there. Nothing was actually detected or removed, so simply updating is the only action required.

I need to know 2 things.

After an update is anyone still getting this?

Did this actually delete anything on anyone's system?

Sorry for late reply,

answer 1: yes issue has been addressed :unsure: , thank you

answer 2: not here (I didn't allow MBAM to delete that registry entry)

Once again thank you


Thank you all SO MUCH for this thread!!! I've been freaking out, as I keep running Malwarebytes and it keeps finding the same damned file. A second update got me to where I need to be.

THANK YOU THANK YOU THANK YOU!!!!!!

Thanks so much. I updated to version 3897 and reran MBAM. It detected no infection. Thanks, Thanks, Thanks!

Moyus

Guest muchdrama

Hey, guys...first time poster here. Just a note to let you all know that I picked up the FP running MBAM 3896 as well. After quarantining the registry file, then restoring it & running MBAM again (this time using MBAM 3897), there was no trace of Backdoor.Celofot. Hope this quells some fears.


The latest update 3898 had run a complete system scan, and found the registry entry. I updated before scanning, and the scan found the registry key, FP or not.

Comodo Firewall has been telling me that I keep on getting blocked intrusion attempts...it may be something valid that the OS is attempting to do, however I don't think it's just a coincidence.

At the very least it would be nice to get confirmation without a doubt that this is just an FP.


I confirmed it several times in this thread and will be happy to confirm it once again.

There was a bug that made MBAM see a key that did not exist. Removing it and/or restoring it would not change anything in your system (as it did not actually exist). All that is required to fix things is to update.


So, has it been determined that BACKDOOR.CELOFOT is a false positive, that it's nothing to be concerned about? My Trend Micro Internet Security Pro did not pick it up, apparently. I'm running VHP 64 with a wireless connection. I'm one of those "mere mortals" as well but I'd be curious to know what exactly BACKDOOR.CELOFOT is. Thanks!

Have you determined if this is a FP? Thanks?

hi - you'll notice that after the update, MBAM no longer alerts on that key


I had deleted the key with your software. When I restored it from quarantine, "startup control" immediately asked me if I wanted itunes helper to autorun. Startup control warns me when a program tries to install itself on startup.

So, it does look like MB did delete a key and it was related to itunes.


I opened a video sent from Facebook last night and noticed it did not play a video and looked very suspicious so I quickly deleted it. Too late though. After logging into the sender's Facebook page I noticed many postings complaining about a virus that was attached. I quickly scanned with Malwarebytes and removed it but upon each of 4 re-scans have noticed that it is still there and Malwarebytes is asking me to remove it. It just isn't really removing it!! Help Malwarebytes before this thing does something bad...


The celofot was a false positive, nothing to be alarmed about :unsure: it was not a virus, just a mistake and nothing to do with itunes either as I got the same warning and do not have it installed.

Thanks a lot MBAM team for your prompt action!

This will be fixed in just a sec guys.

Thanks Nosirrah - Is there any chance you could say how an FP actually occurs?

I'm not au fait with these areas but this one did cause me a nuisance in that I tried so many times to get rid of something that turns out wasn't there to begin with, including running Mbam in safe mode, and then deleting some Apps. that there was nothing wrong with.

Thanks to the team regardless.

Detecting millions of threats without ever making a mistake is close to impossible, I am sorry this caused anyone any lost sleep.


hi people, reading subject with interest, if it helps, i ran the scan on my pc it was terribly slow to open new tasks, explorer window was soooo slow to view simple folder contents bit of a poorly pc for the last month or so. found this fine tool and ran it, it picked up this.....backdoor.celofot...so i deleted it....that's ok..er.right?? pc seems to be back to spec, benchmarks ok. also i am protected by McAfee. this seems to be ok this manages to stop quite a bit of crud so far apart from not finding this backdoor.celofot. so if it was false..what have i deleted please?

Malwarebytes' Anti-Malware 1.44
Database version: 3896
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

22/03/2010 08:04:49
mbam-log-2010-03-22 (08-04-49).txt

Scan type: Quick Scan
Objects scanned: 110591
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

regards fm :)
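
Added example (not part of the original thread and not Malwarebytes code): a small parser for the log layout posted above that cross-checks the summary counts against the itemised entries and lists detections that a rescan with a newer database no longer reports, as happened here between 3896 and 3897. The abridged log samples and all function names are constructed for illustration.

```python
import re

# Constructed sample: the 3896 log posted above, abridged to two categories.
LOG_3896 = r"""Database version: 3896
Registry Values Infected: 1
Files Infected: 0
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie (Backdoor.Celofot) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""
# Constructed: a clean rescan in the same layout after updating to 3897.
LOG_3897 = """Database version: 3897
Registry Values Infected: 0
Files Infected: 0
Registry Values Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
"""

COUNT = re.compile(r"^(.+ Infected): (\d+)$")      # summary line
SECTION = re.compile(r"^(.+ Infected):$")          # itemised section header
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")  # object (name) -> action

def parse_log(text):
    """Return database version, per-category counts and itemised detections."""
    out = {"database": None, "counts": {}, "detections": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Database version:"):
            out["database"] = int(line.split(":", 1)[1])
        elif m := COUNT.match(line):
            out["counts"][m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            section = m.group(1)
        elif section and (m := ITEM.match(line)):
            out["detections"].append({"category": section, "object": m.group(1),
                                      "name": m.group(2), "action": m.group(3)})
    return out

def counts_consistent(parsed):
    """True when every summary count equals the number of items listed for it."""
    return all(sum(d["category"] == cat for d in parsed["detections"]) == n
               for cat, n in parsed["counts"].items())

def cleared_after_update(old, new):
    """Detections in the older-database log that the newer-database log no longer reports."""
    if new["database"] <= old["database"]:
        raise ValueError("second log must come from a newer database version")
    still = {(d["object"], d["name"]) for d in new["detections"]}
    return [d for d in old["detections"] if (d["object"], d["name"]) not in still]
```
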

:) I have exhausted myself, trying to get rid of Backdoor.Celofot. I contacted BitDefender (I also use Defender Pro 15 in 1) and they said it is definitely a virus (though I'm not really sure that they are sure). I have used "3B Software's, Windows Registry Repair Pro" and it finds the entry as: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protect_ie", when I use the "Search for Custom String" option. When I choose the "Delete" option, it tells me that the entry has been deleted (just like Malwarebytes), but when I run "Repair Pro" or "Malwarebytes" again, it is still there. When I use "regedit", no entry matching this string appears in that "run" directory, though out of the 14 entries shown, there are 3 or 4 that I cannot directly connect to any program I am aware of in XP sp3. I have spent many hours trying to rid my machine of this ghost, to no avail. A working answer would help....


zizzy: You updated malwarebytes and it's still showing up?

I had this on Sunday, did what Bruce said, and it did disappear from my log. The key was never in my registry.

But I have to admit, I'm still scared stiff to use the computer for anything at this point.

Both my Norton, and Spybot came out clean, so I really shouldn't be worrying - I don't think. :)

Also, can a backdoor run with just a registry key, or would it need an .exe file as well?


How happy I am to have found you!!! I have the same Backdoor.Celofot for days now! I even quarantined it, just to have it reappear. Hopefully it is a FP, that would explain why my Norton's didn't pick it up.

Thanks!

Ok..just updated a few minutes ago...and WULLA!!! It's gone now! :)
