Jump to content

BOClean's installers detected as Trojan.Vundo

Carol

By Carol
in File Detections

 Share

Recommended Posts

Carol

Carol

Posted
Posted

A fellow member at CNET, reported MBAM detected the CBO_Setup_4.26.exe as Trojan.Vundo. He felt it might be a f/p, as I did. I downloaded BOClean's lastest installer (CBO_Setup_4.27.exe) to my desktop. MBAM detected Vundo. The log was saved in "devoloper mode". If the mode includes the long sequence of number's at the end of the log, all you need do is ask.

Malwarebytes' Anti-Malware 1.28

Database version: 1226

Windows 5.1.2600 Service Pack 3

10/1/2008 9:07:29 PM

mbam-log-2008-10-01 (21-06-57).txt

Scan type: Quick Scan

Objects scanned: 48339

Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Carol \Desktop\CBO_Setup_4.27.exe (Trojan.Vundo) -> No action taken.

Carol

Link to post
Share on other sites
Carol

Carol

Posted
  • Author
Posted

Tigger..

Is this log you were referring to?

Malwarebytes' Anti-Malware 1.28

Database version: 1226

Windows 5.1.2600 Service Pack 3

10/1/2008 7:40:21 PM

mbam-log-2008-10-01 (19-40-21).txt

Scan type: Quick Scan

Objects scanned: 17768

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I saved the log according to Marcin's instructions. The first log I posted was copied and "saved" to a different location. The above is from the program itself. If the above is also incorrect...... I'm stumped! :) Kindly, let me know what I need to do to correct this.

Link to post
Share on other sites
Hardhead

Hardhead

Posted
Posted

Hello Carol,

I ran full scan and found what we are looking for.

Files Infected:

C:\Users\Hardhead\Downloads\CBO_Setup_4.27.exe (Trojan.Vundo) -> No action taken. [5253514247405230538380756679155586796980130125182623130117172518362119171721171

71717362022202223222422222518362117213917393939392217252036213936253539252537233

6

19211721352517171717171817173825343837181717171725353917202037353623172317173835

2

31725172038171724221734202036172534212217172520392524352421221820203719253422221

7

172520393424372421232125353622382526223719171717171720]

I'm sure Bruce will fix this soon.

Link to post
Share on other sites
Carol

Carol

Posted
  • Author
Posted

Hi Tim...

Thankfully, I saw your post while editing mine for the "umpteenth" time. I wrote in my original post, "if the mode includes the long sequence of number's at the end of the log, all you need do is ask". (I wasn't sure it if was necessary) For my own edification and knowledge, is that what Tigger meant when he said it wasn't a developer mode log? I didn't think Marcin's instructions for saving a log in developer mode was rocket science, but I've been knocking myself out trying to figure what I could have done wrong.

Thanks again.

Carol

Link to post
Share on other sites
Carol

Carol

Posted
  • Author
Posted

Thanks again, Tim. Having never seen the 'long sequence of numbers' in my logs before, and never having saved a log in developers mode, I "shudda" thought to include it. 'Shudda cudda'.. it's history now!

I do appreciate you taking the time to explain it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.