Vista Sidebar?


jpshortstuff

http://forums.whatthetech.com/index.php?s=...st&p=498527

Thought it was legit, feel free to correct me if wrong.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vista sidebar (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:

C:\Program Files\Vista Sidebar\sidebar.exe (Backdoor.Bot) -> Delete on reboot.

Unless it was replaced with a bad sidebar.exe, of which there are a few...


I think we would be getting hammered if this was an FP; I could see 1 post every 15 minutes if this were the case.

If you can get me a copy of that file and/or a scan of a Vista box with the legit version.

Marcin uses Vista on his work box; I will double-check with him as well.


http://www.google.com/search?hl=en&as_...amp;safe=images

I get nothing for that hit, looks fake.

Another thought: could the user have modified either their log or their Run key?

MBAM is used thousands of times a day in the HJT forums; if this were a direct FP there would be more than just your Malwarebytes report indexed by Google.

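The check raised above (was the Run key changed, and is the sidebar.exe on disk the legitimate one?) can be made mechanical rather than eyeballed from an MBAM log. The following PowerShell is an added example and not code posted in this thread or shipped by Malwarebytes: it enumerates the HKCU Run key from the log, resolves each value to the executable it launches, and reports the file's SHA256 hash and Authenticode signature so the copy on the suspect machine can be compared against the same file on a clean install. The `C:\Program Files\Vista Sidebar\sidebar.exe` path comes from the log above; the known-good hash is a placeholder, since no hash appears in the thread.

```powershell
# Added example, not from the thread. Requires PowerShell 4.0 or later for Get-FileHash.
function Get-RunEntryReport {
    param(
        # Registry key to enumerate; the HKCU Run key is the one named in the MBAM log.
        [string]$RunKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',

        # Optional map of executable path -> SHA256 hash captured on a clean machine
        # (assumed input; the thread contains no hash values).
        [hashtable]$KnownGoodHashes = @{}
    )

    # Get-ItemProperty adds provider metadata properties; these are not Run values.
    $metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $item = Get-ItemProperty -Path $RunKey -ErrorAction Stop

    foreach ($prop in $item.PSObject.Properties) {
        if ($metadata -contains $prop.Name) { continue }

        $command = [string]$prop.Value
        $exePath = $null
        if ($command -match '^\s*"([^"]+)"') {
            # "C:\Program Files\Vista Sidebar\sidebar.exe" /x  -> quoted path
            $exePath = $Matches[1]
        } elseif ($command -match '^\s*(.+?\.exe)') {
            # C:\Program Files\Vista Sidebar\sidebar.exe /x    -> unquoted path, up to .exe
            $exePath = $Matches[1]
        }
        if ($exePath) {
            $exePath = [Environment]::ExpandEnvironmentVariables($exePath)
        }

        $row = [ordered]@{
            ValueName      = $prop.Name
            Command        = $command
            Path           = $exePath
            Exists         = $false
            SHA256         = $null
            SignatureState = $null   # Valid, NotSigned, HashMismatch, ...
            Signer         = $null
            MatchesKnown   = $null   # $true/$false only when a known-good hash was supplied
        }

        if ($exePath -and (Test-Path -LiteralPath $exePath -PathType Leaf)) {
            $row.Exists = $true
            $row.SHA256 = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
            $sig = Get-AuthenticodeSignature -FilePath $exePath
            $row.SignatureState = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            if ($KnownGoodHashes.ContainsKey($exePath)) {
                # PowerShell hashtable keys and -eq are case-insensitive, so path/hash case does not matter.
                $row.MatchesKnown = ($KnownGoodHashes[$exePath] -eq $row.SHA256)
            }
        }

        [pscustomobject]$row
    }
}

# Usage: plain report of every Run entry, then the sidebar entry alone checked against
# a hash captured on a machine where the sidebar is known to be legitimate (placeholder).
Get-RunEntryReport | Format-Table -AutoSize
Get-RunEntryReport -KnownGoodHashes @{
    'C:\Program Files\Vista Sidebar\sidebar.exe' = '<SHA256 from clean machine>'
} | Where-Object { $_.Path -like '*sidebar.exe' } | Format-List
```

Run it on both the suspect machine and a clean one and compare the `SHA256` column: a matching hash and a `Valid` signature from the expected signer argues for a false positive, while a differing hash, `NotSigned`, or a Run value that points somewhere other than the installed path is what a real sidebar.exe replacement would look like. The parser only handles the two common Run value shapes (quoted path, or unquoted path ending in `.exe`), so anything more exotic shows up with an empty `Path` for manual review.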

Hmm.

"Vista Visual Pack 7.0" is installed, which would be where I think it would come from if it was legit. This isn't a Vista machine; these are, I think, add-ons for XP to make it visually more like Vista.

Same entries in these logs (to name a few):

http://forums.techguy.org/malware-removal-...pack-6-0-a.html

http://www.5starsupport.com/ipboard/lofive...php?t11061.html

http://www.lavasoftsupport.com/lofiversion...php/t16708.html

http://www.bleepingcomputer.com/forums/topic164735.html

http://www.geekstogo.com/forum/After-using...amp;pid=1190398

MBAM hasn't been run in any of those though.

I'll grab you a copy. I know they should be in this folder:

C:\Documents and Settings\[username]\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

What is the file naming convention for Quarantined files?

Thanks Bruce.

