Carol

BOClean's installers detected as Trojan.Vundo


A fellow member at CNET reported MBAM detected the CBO_Setup_4.26.exe as Trojan.Vundo. He felt it might be a f/p, as I did. I downloaded BOClean's latest installer (CBO_Setup_4.27.exe) to my desktop. MBAM detected Vundo. The log was saved in "developer mode". If the mode includes the long sequence of numbers at the end of the log, all you need do is ask.

Malwarebytes' Anti-Malware 1.28

Database version: 1226

Windows 5.1.2600 Service Pack 3

10/1/2008 9:07:29 PM

mbam-log-2008-10-01 (21-06-57).txt

Scan type: Quick Scan

Objects scanned: 48339

Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Carol \Desktop\CBO_Setup_4.27.exe (Trojan.Vundo) -> No action taken.

Carol


Tigger..

Is this the log you were referring to?

Malwarebytes' Anti-Malware 1.28

Database version: 1226

Windows 5.1.2600 Service Pack 3

10/1/2008 7:40:21 PM

mbam-log-2008-10-01 (19-40-21).txt

Scan type: Quick Scan

Objects scanned: 17768

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I saved the log according to Marcin's instructions. The first log I posted was copied and "saved" to a different location. The above is from the program itself. If the above is also incorrect...... I'm stumped! :) Kindly, let me know what I need to do to correct this.


Hello Carol,

I ran a full scan and found what we are looking for.

Files Infected:

C:\Users\Hardhead\Downloads\CBO_Setup_4.27.exe (Trojan.Vundo) -> No action taken.

I'm sure Bruce will fix this soon.


Hi Tim...

Thankfully, I saw your post while editing mine for the "umpteenth" time. I wrote in my original post, "if the mode includes the long sequence of numbers at the end of the log, all you need do is ask". (I wasn't sure if it was necessary.) For my own edification and knowledge, is that what Tigger meant when he said it wasn't a developer mode log? I didn't think Marcin's instructions for saving a log in developer mode were rocket science, but I've been knocking myself out trying to figure what I could have done wrong.

Thanks again.

Carol


Hello Carol,

The developer mode will show the long sequence of numbers, while running in regular mode will not. :)


Thanks again, Tim. Having never seen the 'long sequence of numbers' in my logs before, and never having saved a log in developers mode, I "shudda" thought to include it. 'Shudda cudda'.. it's history now!

I do appreciate you taking the time to explain it.

Has a patch been issued for this false positive?

Ray

I no longer get the detection with database version 1227, so try updating and re-scanning.


dbversion=1229 <- let me know if it is fixed in this version of defs, should be out in an hour

dbversion=1229 <- let me know if it is fixed in this version of defs, should be out in an hour

I right-clicked on the file, scanned and all is clean now.

Thanks Bruce :)
