dwatson.exodus

Windows 2003 Server R2 Possible False Positive


I was just scanning this server to prove to someone that mbam works on a 2003 R2 server (earn a sale), and here are the results. This server is very new and has never really been on the Internet, so I have my doubts about this being legit.

srmhost.exe is tied to the File Server Resource Manager in R2. Here is a link to the description off TechNet. Link Here

Thanks for the help and consideration,

Dan (Malwarebytes Partner)

www.yourexodus.com

LOG:

Malwarebytes' Anti-Malware 1.31

Database version: 1456

Windows 5.2.3790 Service Pack 2

12/12/2008 10:48:22 AM

mbam-log-2008-12-12 (10-48-18).txt

Scan type: Quick Scan

Objects scanned: 41853

Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srmreports (Backdoor.Bot) -> No action taken. [385753513430356668766980808315358085130136276156424737485652618490848570782019618483787380848515708970]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srmreports (Backdoor.Bot) -> No action taken. [385753513430356668766980808315358085130136276156424737485652618490848570782019618483787380848515708970]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srmreports (Backdoor.Bot) -> No action taken. [385753513430356668766980808315358085130136276156424737485652618490848570782019618483787380848515708970]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. [5138494534363830417475666876155285668385467079861301414438586436545151384753645452385161524839535634513861467468838084807185615674796980888461368683837079855570838474807961388981778083708361346987667968706993528566838564527380884690378068843017130118130157‌49]

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\srmhost.exe (Backdoor.Bot) -> No action taken. [385753513430356668766980808315358085130136276156424737485652618490848570782019618483787380848515708970]
