Infections found with 1.51.1.1800


I run Avast, MBAM and SAS (free versions) scans daily and haven't had anything but a couple of false positives on Avast since I put this computer together, but today after installing the 1.51.1.1800 version of MBAM I had 9 infections:

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{9869EFA6-18E9-11D3-A837-00104B9E30B5} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CmdLineExt.CmdLineContextMenu.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CmdLineExt.CmdLineContextMenu (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

c:\Users\administrator\AppData\Local\Temp\cmdlineext01.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Local\Temp\SIntf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Local\Temp\SIntfNT.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\cmdlineext03.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\cmdlineext03.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Now nothing had come up in any of my other scanners, and apparently c:\Users\administrator\AppData\Local\Temp\cmdlineext01.dll had been on my computer since May without being flagged. Is there a chance they could be false positives? Because if not, I have no idea how I became infected, because I keep all my security and programs up to date, and I use Mozilla with NoScript.


Full log

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7139

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

14/07/2011 21:52:42

mbam-log-2011-07-14 (21-52-42).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 325355

Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{9869EFA6-18E9-11D3-A837-00104B9E30B5} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CmdLineExt.CmdLineContextMenu.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CmdLineExt.CmdLineContextMenu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\administrator\AppData\Local\Temp\cmdlineext01.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Local\Temp\SIntf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\administrator\AppData\Local\Temp\SIntfNT.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\cmdlineext03.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\cmdlineext03.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Hi there!

I have registered now because I have exactly the same issue.

After updating MBAM to version 1.51.1.1800 I ran a scan, which resulted in these infections.

I have isolated these files and scanned them with virustotal.com, which said they're clean.

I use several 'security-lines' so I can't explain where it should come from.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Datenbank Version: 7141

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

15.07.2011 00:01:33

mbam-log-2011-07-15 (00-01-30).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 190721

Laufzeit: 3 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 4

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 6

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{9869EFA6-18E9-11D3-A837-00104B9E30B5} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\CmdLineExt.CmdLineContextMenu.1 (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\CmdLineExt.CmdLineContextMenu (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

c:\Windows\System32\cmdlineext03.dll (Trojan.Agent) -> No action taken.

c:\Windows\System32\SIntf32.dll (Trojan.Agent) -> No action taken.

c:\Windows\System32\SIntfNT.dll (Trojan.Agent) -> No action taken.

c:\Windows\SysWOW64\cmdlineext03.dll (Trojan.Agent) -> No action taken.

c:\Windows\SysWOW64\SIntf32.dll (Trojan.Agent) -> No action taken.

c:\Windows\SysWOW64\SIntfNT.dll (Trojan.Agent) -> No action taken.
