Feb 21 2009, 06:04 PM
Post #1
New Member Group: Members Posts: 4 Joined: 21-February 09 Member No.: 9,878

Hi:

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 2

2/21/2009 12:21:07 PM
mbam-log-2009-02-21 (12-21-00).txt

Scan type: Quick Scan
Objects scanned: 71253
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

Is this a false positive?
Thanks

Feb 21 2009, 06:08 PM
Post #2
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

Hi:

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 2

2/21/2009 12:21:07 PM
mbam-log-2009-02-21 (12-21-00).txt

Scan type: Quick Scan
Objects scanned: 71253
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

Is this a false positive?
Thanks

My, is this a relief, haha! Do you have Sandboxie installed?

Feb 21 2009, 06:13 PM
Post #3
Forum Deity Group: Administrators Posts: 9,284 Joined: 30-December 06 From: Northampton, MA USA Member No.: 884

Update and scan again, this might be fixed.
If not, read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=3228 and post the dev version log.

Feb 21 2009, 06:18 PM
Post #4
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

Doing so now, thanks for the quick response.

Feb 21 2009, 06:30 PM
Post #5
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

Malwarebytes' Anti-Malware 1.34
Database version: 1786
Windows 5.1.2600 Service Pack 3

2/22/2009 4:29:22 AM
mbam-log-2009-02-22 (04-29-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 78977
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Guess we're clear, thanks for the swift fix!

Feb 21 2009, 06:45 PM
Post #6
New Member Group: Members Posts: 4 Joined: 21-February 09 Member No.: 9,878

Feb 21 2009, 06:59 PM
Post #7
New Member Group: Members Posts: 4 Joined: 21-February 09 Member No.: 9,878

Hi:

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 2

2/21/2009 12:21:07 PM
mbam-log-2009-02-21 (12-21-00).txt

Scan type: Quick Scan
Objects scanned: 71253
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.

Is this a false positive?
Thanks

mbam.exe /developer:

Malwarebytes' Anti-Malware 1.34
Database version: 1785
Windows 5.1.2600 Service Pack 2

2/21/2009 1:56:32 PM
mbam-log-2009-02-21 (13-56-24).txt

Scan type: Quick Scan
Objects scanned: 71295
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken. [5253514247403037391723252324363419363425182436192118342517243621391837251724361 818172025182436221924172519243623192239251924363418262425202436]

Feb 21 2009, 07:01 PM
Post #8
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

Odd, I've not detected anything. Did you update?
Another note: Ever had any Sandboxie related FP's in the past?

Feb 21 2009, 07:13 PM
Post #9
New Member Group: Members Posts: 4 Joined: 21-February 09 Member No.: 9,878

Feb 22 2009, 02:17 AM
Post #10
New Member Group: Members Posts: 2 Joined: 22-February 09 Member No.: 9,901

Hi,
First of all I must apologize for my English (I'm French). I have not clearly understood. Is Wextract (Backdoor.bot) a false positive or is it a problem for my machine? After analysis, this "Trojan" is quarantined but it comes back during the next analysis. Is it a problem?
Thank you for taking the time to consider my demand and thank you for the quality of Malwarebytes software.
Best regards
Osgot

Feb 22 2009, 02:20 AM
Post #11
Forum Deity Group: Administrators Posts: 9,284 Joined: 30-December 06 From: Northampton, MA USA Member No.: 884

@Osgot
Please update and scan again, there have been quite a few updates today and this problem was fixed earlier.

Feb 22 2009, 02:25 AM
Post #12
New Member Group: Members Posts: 2 Joined: 22-February 09 Member No.: 9,901

Thank you very much for this ultra fast reply!!!
I'm going to update... So, it's not a danger for my machine...

Feb 22 2009, 04:05 AM
Post #13
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

I've updated MBAM and run it again a few minutes ago and it has detected wextract.exe. I did install Sandboxie again and I do think that it is related to it.

Feb 22 2009, 04:08 AM
Post #14
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

I've updated MBAM and run it again a few minutes ago and it has detected wextract.exe. I did install Sandboxie again and I do think that it is related to it.

Drop that, I spoke too soon, it's the same folder but this time it's Trojan.Autorun -- msnmsgs.exe:

Malwarebytes' Anti-Malware 1.34
Database version: 1790
Windows 5.1.2600 Service Pack 3

2/22/2009 2:06:52 PM
mbam-log-2009-02-22 (14-06-50).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 40465
Time elapsed: 16 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> No action taken.

Should I just give up on Sandboxie?

Feb 22 2009, 04:28 AM
Post #15
Forum Deity Group: Administrators Posts: 9,284 Joined: 30-December 06 From: Northampton, MA USA Member No.: 884

QUOTE
C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe (Trojan.Autorun) -> No action taken.

I think I just fixed this. I need to know if 1792 does not fix this.

Feb 22 2009, 04:30 AM
Post #16
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

Feb 22 2009, 04:45 AM
Post #17
New Member Group: Members Posts: 14 Joined: 21-February 09 Member No.: 9,882

Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM
mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan
Objects scanned: 18664
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Feb 22 2009, 05:02 AM
Post #18
New Member Group: Members Posts: 3 Joined: 22-February 09 Member No.: 9,905

Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM
mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan
Objects scanned: 18664
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Feb 22 2009, 05:03 AM
Post #19
New Member Group: Members Posts: 3 Joined: 22-February 09 Member No.: 9,905

Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM
mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan
Objects scanned: 18664
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Feb 22 2009, 05:12 AM
Post #20
New Member Group: Members Posts: 3 Joined: 22-February 09 Member No.: 9,905

Hello.
OK, it seems to be corrected. Another detection of false positive (ERUpdateHidden.EXE) has been corrected, both wextract.exe and ERUpdateHidden.EXE were from ACER computer.

Fichier(s) infecté(s):
C:\WINDOWS\system32\wextract.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\ERUpdateHidden.EXE (Backdoor.Bot) -> No action taken.