The CID Posted November 19, 2008 ID:35586

Malwarebytes' Anti-Malware 1.30
Database version: 1404
Windows 5.1.2600 Service Pack 3

19/11/2008 10:03:51 a.m.
mbam-log-2008-11-19 (10-03-51).txt

Scan type: Complete Scan (C:\|)
Objects scanned: 26443
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) (*)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) (*)

(*) This appeared today, I did not have it yesterday.

Today I installed NVIDIA+MSI Driver 162.18 for my graphic card MSI NX7600GS T2D-256E (NVIDIA GeForce 7600 GS 256Mb PCI-E) from MSI main site.

I activated the D.O.T. (Dynamic Over-Clocking Technology) at "Commander" level (10% of over-clocking).

This program loads itself at startup and activates itself when I require some intense graphic use. Only when this program activates itself Malwarebytes detects it.

I am uploading the program. I put it in a ZIP:

File name: WinSys2.exe
Location: C:\WINDOWS\system32
Size: 208.896 bytes
Creation Date: April 29, 2006
Version of the file: 1.0.0.2
Description: DOT MFC Application
Original name: DOT.exe

Thanks!

WinSys2.zip

nosirrah Posted November 19, 2008 ID:35592

I think I can modify things enough that we can still hit the malware version of this while missing the legit version.

I need to know what happens when you scan with defs version 1413 (will be out later tonight).

The CID Posted November 20, 2008 Author ID:35757

> I think I can modify things enough that we can still hit the malware version of this while missing the legit version.
>
> I need to know what happens when you scan with defs version 1413 (will be out later tonight).

Since Malwarebytes detects the file only when the D.O.T. (Dynamic Over-Clocking Technology) activates itself, I scanned the C:\ while running an application that should have activated it.

I did the same scan using defs version 1414.

No malicious items were detected at any level.

Regards!