Jump to content

Recommended Posts

Good Day,

This is a question that is strictly forum-specific about whether two detected programs on my laptop are false positives or not. I have not a single computer symptom that needs fixed. Of course it could be a John Wayne moment- things are TOO quiet out there with my perfectly operating laptop.

I am inquiring about two files that I believe yield false positives with the most updated version of free Malwarebytes: MoveMediaPlayer_07103010.exe (Backdoor.Bot) and IFinst27.exe (Trojan.Downloader). Neither is a startup process on my machine and I myself have never opened these files, but they would have been used by a previous owner in 2008. This is a laptop with XP home SP2 that I inherited from a relative one year ago after he graduated from college. The computer has had a Comodo firewall for years, and I myself always run Windows Firewall too. I have used the short Malwarebytes scans many times on this laptop and never found anything other than some very mild adware in one instance (adware.myweb). A few days ago I ran the long Malwarebytes scan for the first time and found the two files that I named above. I checked the creation dates of this 'malware' before quarantining (not deleted yet!) and they have been on the computer since early-middle 2008 and were installed by the previous owner. I guess I think if a backdoor bot was on this machine for more than two years, there would be numerous symptoms by now, rather than none. In the year I have used this laptop, not a single problem, no redirects, no popups, no freezes ever or bluescreens. I mean perfectly clean, maybe even stellar behavior. I also check Hijackthis now and then, and no important or unexpected changes over that time.

From the old install log, I determine that the MoveMediaPlayer_07103010.exe was installed directly from the vendor's site in early 2008. I also note from internet searches that this older version of MoveMediaPlayer seems to ALWAYS be detected as a backdoor bot by Malwarebytes. Yet at virustotal.com, only 9 of 43 virus scanning programs detect it as malicious. In all but one instance of many I researched online, ComboFix also ignored it. On the day of installation in 2008, a lot of qss files were included in the new Move Media folder- it all looks like a legit and intended download based upon the remaining files in the folder that contained MoveMediaPlayer_07103010.exe, meaning to say the quarantined file was not just a 'floater'.

As for IFinst27.exe, it was a 'floater' in the Windows folder with a cute icon. But threatexpert.com found only 1 instance in 95 submitted cases where this file was a threat. It (InstallFactory V2.70?) is supposedly needed to add/remove some program in Windows. Some say it is an installer for certain games. At the time it was installed I find files involving Macromedia Flash Player and widgetbox.com/widgetserver.com and a DNS Caching Resolver Service from Microsoft.

Attached are four logs: HJTbeforeMWBfix (HijackThis log before running Malwarebytes); MBAMlog (the long scan that found and quarantined the two files in question); ComboFix (run after the MBAM long scan); HJTafterMWBfix (HijackThis log AFTER running Malwarebytes/quarantining and ComboFix). I also have the installation log for MoveMediaPlayer if it is needed later. Note that the only change between the pre- and post- HijackThis logs was the removal by either MBAM or ComboFix of a single entry: O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS. Also note that the Firefox plug-in (npmnqmp07076007.dll) for MoveMediaPlayer was not removed by either ComboFix or Malwarebytes. Also I ran Kaspersky today for all of the relevant parts of C-drive and got nothing.

What do you think? Are MoveMediaPlayer_07103010.exe and IFinst27.exe really malware? If so, why did they not attack this laptop over the past two years?

Thanks for any expert advice you can offer.

HJTbeforeMWBfix.txt

Combofix_scan.txt

MBAMlog.txt

HJTafterMWBfix.txt

Link to post
Share on other sites

Zip and attach both files and we can actually answer the question.

Good Day,

They are in the quarantine folder. I would rather wait until my current job assignment (requires this computer) is done before reinstalling them onto the laptop, just in case. Unless there is a way to extract them without a complete restoration into my system?. If not, it will be two weeks before I can risk restoring the files.

One more thing, since Malwarebytes already shows these two files as malicious- what additional tests can you run to see if they are false postives?

Thanks,

Mr Noatak

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.