Malwarebytes

bewijeze.exe



#1
Firefox

While cleaning a computer, I had a hard time removing a rootkit. Malwarebytes did not catch it, and this rootkit was giving me errors trying to remove Malwarebytes and run the clean tool. It also would not give me a clean install. Once I removed these two files that I included in the zip file, the rootkit was gone, and I was able to install Malwarebytes and run a successful scan. There are two files inside the zip file; one is an exe file, the other has no extension. They were hidden protected files and I was not able to change their attributes.

You guys may want to check them out.


Dell Precision T5400, Win7 Ultimate 32bit fully updated, Symantec Endpoint Protection,
Watchguard Firewall, Intel Xeon CPU, Dual Quad Core Processors, 4GB Ram,
E5410 @ 2.33GHz, Nvidia Quadro FX570, Raid-1 Dual 500GB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE9, Opera, MBAM


#2
Fatdcuk

Hi FireFox,

Thanks for uploading the files but neither of them are PE files.
http://www.virustotal.com/analisis/bee0439...4228-1255636233
http://www.virustotal.com/analisis/bb1038e...6e07-1255636424

It is quite possible the computer had the MAX++ Rootkit installed, which is currently making MBAM operations impossible (it changes file permissions on all MBAM files). Once it is unloaded, MBAM can be uninstalled and reinstalled to repair this direct attack on our software.
Ade Gill
Research Engineer
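
For readers triaging a similar sample: a file named `.exe` is only a PE file if its headers say so. The check below is an added example, not part of the thread and not Malwarebytes code; the function names and the byte strings it is run on are constructed for illustration.

```python
import struct

def pe_status(data: bytes) -> str:
    """Classify a byte string by its DOS/PE headers and report why it fails."""
    if len(data) < 0x40:
        return "not PE: shorter than a DOS header"
    if data[:2] != b"MZ":
        return "not PE: no MZ magic"
    # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4) + COFF header (20) + optional-header magic (2) must fit.
    if e_lfanew + 26 > len(data):
        return "not PE: e_lfanew points past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not PE: missing PE signature"
    machine, sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    (opt_magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    kind = {0x10B: "PE32", 0x20B: "PE32+"}.get(opt_magic)
    if kind is None:
        return "not PE: unknown optional header magic"
    return f"{kind} machine=0x{machine:04x} sections={sections}"

def constructed_pe_header() -> bytes:
    """Constructed sample: the smallest header set that passes the checks."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", 0x10B)

def constructed_truncated_mz() -> bytes:
    """Constructed sample: MZ stub whose e_lfanew points beyond the data."""
    return constructed_pe_header()[:0x40]

if __name__ == "__main__":
    samples = {
        "valid header": constructed_pe_header(),
        "truncated MZ stub": constructed_truncated_mz(),
        "opaque data": bytes(range(256)),
    }
    for name, blob in samples.items():
        print(f"{name}: {pe_status(blob)}")
```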
