Jump to content

Possible False Positive


djss900

Recommended Posts

Just got this in a Windows 2003 R2 server - any thoughts? I think it's a false positive linked to the file service included in R2.

Malwarebytes' Anti-Malware 1.31

Database version: 1467

Windows 5.2.3790 Service Pack 2

12/7/2008 12:38:29 AM

mbam-log-2008-12-07 (00-38-26).txt

Scan type: Quick Scan

Objects scanned: 46075

Time elapsed: 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srmreports (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301362761564247374856526184908485707820196

18483787380848515708970]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srmreports (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301362761564247374856526184908485707820196

18483787380848515708970]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srmreports (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301362761564247374856526184908485707820196

18483787380848515708970]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. [5138494534363830417475666876155285668385467079861301414438586436545151384753645

45238516152483953563451386146746883808480718561567479698088846136868383707985557

0

83847480796138898177808370836134698766796870699352856683856452738088469037806884

3

01713011813015749]

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\srmhost.exe (Backdoor.Bot) -> No action taken. [3857535134303566687669808083153580851301362761564247374856526184908485707820196

18483787380848515708970]

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.