Jump to content

suspicious file swb.exe detected by the Shuriken

Guest sobar

Recommended Posts

Guest sobar

The swb.exe file appears to be part of the installation of a dictionary application that was once distributed with an edition of a major Polish daily newspaper. Because of this and the fact that the application was requisited by the major scientific-books' publishing house, the PWN, it appears unlikely to contain malware. Still, I hope my reporting it may be of some use.

Underneath you will find the log (created in the developer mode -- I'm sorry for it being in Polish, but that is the language I've gone for when installing Malwarebytes).


Malwarebytes' Anti-Malware


Wersja bazy: 7282

Windows 5.1.2600 Dodatek Service Pack 2

Internet Explorer 6.0.2900.2180

2011-07-26 16:59:16

mbam-log-2011-07-26 (16-59-11).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|)

Przeskanowano obiektów: 200343

Upłynęło: 13 minut(y), 33 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 3

Zainfekowanych folderów: 0

Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\_PXP\PWN\SWB_GW\SWB.EXE (Heuristics.Shuriken) -> Value: SWB.EXE -> No action taken. [ffffffffffffffffffffffffffffffff]

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [b4be3ce0738d09f7d0c5308d25e020e0]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [343e04182bd54ab6ecaa8736689d56aa]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [6a0849d3b54be51b7f18774638cd35cb]

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

e:\_pxp\PWN\SWB_GW\swb.exe (Heuristics.Shuriken) -> No action taken. [ffffffffffffffffffffffffffffffff]


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.