Malwarebytes

DivX Player\pS2Xx.ddc = Backdoor.Bot?


5 replies to this topic

#1
Jason023

Hi, all. I do scans with Malwarebytes regularly and this is the first infected file to come up.

Files Infected:
c:\program files\DivX\divx player\pS2Xx.ddc (Backdoor.Bot) -> Quarantined and deleted successfully.

I haven't restored the file to check when it was created, but the containing folder has been unmodified for over 2 years and everything else in it is just as old. I'm sure it's been that long since I've installed or used DivX Player, so that makes sense. It wasn't picked up until after I updated MBAM this week. Is it possible that this is a false positive and the file is just from an older, legitimate install?

Is it safe to restore the file and submit it to a site like virustotal?

#2
nosirrah

Restore, update and scan again. I believe that this was already fixed.
Bruce Harrison
Vice President of Research


#3
Jason023

Thanks for the quick reply.
I updated to "Database version: 2500" and restored the file. It is still said to be infected.

Uploading to virustotal gives clean results. 0/41 (0.00%)

#4
nosirrah

Please follow these instructions:

http://www.malwareby...?showtopic=3228

#5
Jason023


nosirrah, on Jul 25 2009, 07:12 PM, said:

Please follow these instructions:

http://www.malwareby...?showtopic=3228

Malwarebytes' Anti-Malware 1.39
Database version: 2500
Windows 5.1.2600 Service Pack 2

7/25/2009 3:19:16 PM
mbam-log-2009-07-25 (15-19-12).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)
Objects scanned: 226496
Time elapsed: 1 hour(s), 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\DivX\divx player\pS2Xx.ddc (Backdoor.Bot) -> No action taken. [55385152424847304680807977747273850136808369777084840145856911]

#6
chimpy

Was this checked out as a deffo FP?
I saw another thread about this and I inferred it was, but can someone clarify?
Vista HB 32 bit
WoT
ABP
Sandboxie free
MBAM
Ccleaner
NoScript
AVG 2011 free
Hostsman




