Hi Re-shadowwar:

Can you please zip and upload the files to the false positive forum so we can investigate them?

Thanks.

http://forums.malwarebytes.org/index.php?showtopic=79156

I am posting this here. I restored the files from the recycle bin but, since the names of both files are identical in system32 and SysWOW64, the files from SysWOW64, which were the last two I deleted, overwrote the files from system32. Therefore, when I restored the files from the recycle bin, the system only restored them to the SysWOW64 folder. I can only physically see the files in SysWOW64, but Malwarebytes still finds all four files, two in system32 and two in SysWOW64. I've redeleted the files after doing this "mbam.exe /developer" and have attached a zipped folder containing all the requested files.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6179

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/26/2011 8:18:35 PM

mbam-log-2011-03-26 (20-18-28).txt

Scan type: Quick scan

Objects scanned: 163487

Time elapsed: 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\bewisereboot.exe (Trojan.Agent) -> No action taken. [cf5442d6fd03768a45682337ee13d12f]

c:\Windows\System32\bewisereg.exe (Trojan.Bumat) -> No action taken. [fc278a8e03fdab550de0cfdc2ed37888]

c:\Windows\SysWOW64\bewisereboot.exe (Trojan.Agent) -> No action taken. [36ede236a06019e776373624e819a957]

c:\Windows\SysWOW64\bewisereg.exe (Trojan.Bumat) -> No action taken. [c0631bfdb050dd23de0f8d1e80817e82]

Thanks for all help.

Fuggerdemain.

P.S. I haven't done another scan since deleting the files and rebooting today, but I will in a few moments.

MAR-25_26.zip


  • Staff

Do you have any idea where these files came from?

There are some pretty strong hits on Virustotal for these files.

http://www.virustotal.com/file-scan/report.html?id=62b78dd213711b8b0d5c4e763b0a9c08542b0b35539d739dc603cf41f5de3b37-1301250399 17/43 virusscanner hits.

http://www.virustotal.com/file-scan/report.html?id=3a3ba36909022157ca282f5ae1f4905e682f6d9f99629aad05fd6e4e41110dd2-1301250138 24/42 virusscanner hits.

I will have to investigate these more.
