poydorus Posted July 25, 2010 ID:289983 Share Posted July 25, 2010 Hi allHere is the log file which found msvcrt2.dll. I have quarantined the file which so far hasn't caused any problems, but I am not sure if this is a false positive. The file is dated 15 jul 2010 so it appeared very recently.Can you help?Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> No action taken. Link to post Share on other sites More sharing options...
Maniac Posted July 26, 2010 ID:290615 Share Posted July 26, 2010 Hi poydorus! Please follow these instructions and let me know about that:http://forums.malwarebytes.org/index.php?showtopic=3228 Link to post Share on other sites More sharing options...
poydorus Posted July 26, 2010 Author ID:290766 Share Posted July 26, 2010 Hi poydorus! Please follow these instructions and let me know about that:http://forums.malwarebytes.org/index.php?showtopic=3228Thanks for replyingI ran the file through virustotal and none of the scans came up positive.However I think it is suspicious that the name is similar to Microsoft system files.The file is 102,423 bytes and has no version information to identify its source.I normally use a limited user account so I wondered if some malware wasn't able to install itself completely.Here is the scan result running in developer mode:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4344Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870226/07/2010 17:56:36mbam-log-2010-07-26 (17-56-36).txtScan type: Full scan (C:\|)Objects scanned: 281484Time elapsed: 1 hour(s), 43 minute(s), 32 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\msvcrt2.dll (Malware.Traces) -> No action taken. [259A0AE1DB99045A847FE0CA185356CD] Link to post Share on other sites More sharing options...
Maniac Posted July 26, 2010 ID:290777 Share Posted July 26, 2010 Please wait! Link to post Share on other sites More sharing options...
Maniac Posted July 26, 2010 ID:290794 Share Posted July 26, 2010 We need this file:C:\WINDOWS\system32\msvcrt2.dllPlease zip it and attach it in your next reply. Link to post Share on other sites More sharing options...
poydorus Posted July 26, 2010 Author ID:290852 Share Posted July 26, 2010 Zip file attachedmsvcrt2.zip Link to post Share on other sites More sharing options...
Maniac Posted July 27, 2010 ID:291186 Share Posted July 27, 2010 Could be deleted. Here the answer from our Assistant Director of Research - Mieke Verburgh:Hi,The file may be deleted. It's indeed one of these traces left by an infection. The file itself is no executable and only a trace. Link to post Share on other sites More sharing options...
poydorus Posted July 27, 2010 Author ID:291223 Share Posted July 27, 2010 Could be deleted. Here the answer from our Assistant Director of Research - Mieke Verburgh:Thank you for your help.As the file was originally dated 15 July 2010, I suspect that it was from malware that failed to install itself as I normally use a limited user account. Link to post Share on other sites More sharing options...
Maniac Posted July 27, 2010 ID:291323 Share Posted July 27, 2010 You're welcome! Anything else? Link to post Share on other sites More sharing options...
Staff screen317 Posted August 10, 2010 Staff ID:298628 Share Posted August 10, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts