
suspicious file swb.exe detected by the Shuriken


Guest sobar


The swb.exe file appears to be part of the installation of a dictionary application that was once distributed with an edition of a major Polish daily newspaper. Because of this and the fact that the application was requisited by the major scientific-books' publishing house, the PWN, it appears unlikely to contain malware. Still, I hope my reporting it may be of some use.

Underneath you will find the log (created in the developer mode -- I'm sorry for it being in Polish, but that is the language I've gone for when installing Malwarebytes).

---

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Wersja bazy: 7282

Windows 5.1.2600 Dodatek Service Pack 2

Internet Explorer 6.0.2900.2180

2011-07-26 16:59:16

mbam-log-2011-07-26 (16-59-11).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|)

Przeskanowano obiektów: 200343

Upłynęło: 13 minut(y), 33 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 3

Zainfekowanych folderów: 0

Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\E:\_PXP\PWN\SWB_GW\SWB.EXE (Heuristics.Shuriken) -> Value: SWB.EXE -> No action taken. [ffffffffffffffffffffffffffffffff]

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [b4be3ce0738d09f7d0c5308d25e020e0]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [343e04182bd54ab6ecaa8736689d56aa]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [6a0849d3b54be51b7f18774638cd35cb]

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

e:\_pxp\PWN\SWB_GW\swb.exe (Heuristics.Shuriken) -> No action taken. [ffffffffffffffffffffffffffffffff]

swb.zip
