Jump to content

FP on backdoor.bot? - all (~10K) files infected in directory

raven

By raven
in File Detections

 Share

Recommended Posts

raven

raven

Posted
Posted

A biweekly(ish) MB scan turned up backdoor.bot on all the files in a major directory that I store most things in for ease of backup. This includes approx 13,000 files, several hundred folders and 16 registry keys, plus a dozen registry values. Everything is sitting in quarantine right now and I (obviously) can't access any of it. I'm hoping this is somehow a false positive!

I'm running the latest software (v1.30) and update (db version 1446). Thanks in advance!

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted

Its a FP but that is a very dangerous place to store anything . MBAM is aggressive against things that cant be legit and from time to time we do hit "creative" custom modifications .

C:\_ is a very bad name for a backup folder both because it is in root and because its name is "_" .

Link to post
Share on other sites
raven

raven

Posted
  • Author
Posted
Its a FP but that is a very dangerous place to store anything . MBAM is aggressive against things that cant be legit and from time to time we do hit "creative" custom modifications .

C:\_ is a very bad name for a backup folder both because it is in root and because its name is "_" .

great - and thanks for the information on naming protocol. This makes sense as I have the identical directory structure at home except that, because there are several users there, my _ directory is found in ...My Documents\_ . Running MB at home did not detect any backdoor.bot instances.

Just to make sure, are the backdoor.bot registry keys and values from this same scan also false positives?

Thanks!

Link to post
Share on other sites
raven

raven

Posted
  • Author
Posted
I would have to see the log .

Looks like I won't have to post the log - removed everything from quarantine, hid .../_ in .../My Documents and ran MB again. Nothing was detected this time around (although I found that I couldn't unquarantine the Registry Keys).

Thanks again.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.