I don't know if these are false positives or not. Please help. I can upload these files if necessary.
I wanted to scan device F: (USB stick) and it finds a backdoor.bot in C:\_. Please explain/help.
Thank you,
Saso
Malwarebytes' Anti-Malware 1.41
Database version: 3149
Windows 5.1.2600 Service Pack 3
11.11.2009 21:23:09
mbam-log-2009-11-11 (21-23-08).txt
Scan type: Full Scan (F:\|)
Objects scanned: 93148
Time elapsed: 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\_ (Backdoor.Bot) -> No action taken. [37425130356668766980808315358085130106514848533751425538066164]
Files Infected:
C:\_\dvd728.txt (Backdoor.Bot) -> No action taken. [37425130356668766980808315358085130106514848533751425538066164]
C:\_\dvd728_051_dfu_eng.pdf (Backdoor.Bot) -> No action taken. [37425130356668766980808315358085130106514848533751425538066164]
C:\_\list.txt (Backdoor.Bot) -> No action taken. [37425130356668766980808315358085130106514848533751425538066164]
C:\_\WIPkozolec1.jpg (Backdoor.Bot) -> No action taken. [37425130356668766980808315358085130106514848533751425538066164]
C:\_\WIPkozolec2.jpg (Backdoor.Bot) -> No action taken. [37425130356668766980808315358085130106514848533751425538066164]
#1
Posted 11 November 2009 - 08:33 PM
#2
Posted 12 November 2009 - 02:01 PM
Could you upload a copy of the files to the following so the analysts can take a look please?
http://uploads.malwarebytes.org
#3
Posted 13 November 2009 - 09:33 PM
Upload in progress (miskox.zip).
I did some tests:
1. I created a folder "_" (empty folder) without quotation marks and MBA detected it as backdoor.bot
2. I created a folder _X_ (empty folder) and it was OK (MBAM found nothing)
3. I created a folder _X_ and copied files in it and it was OK (MBAM found nothing)
I will recheck steps above again on Monday + another test (scan of C: only) - I can't remember the results.
Saso
#4
Posted 13 November 2009 - 09:34 PM
Thanks for letting me know.
#5
Posted 16 November 2009 - 07:49 AM
Update:
I did some tests (again). Here are the results. I performed a full scan of C: :
1. I left a "_" folder with all these files there - MBAM found backdoor.bot
2. I also copied folder "_" to "_X_": MBAM found backdoor.bot in "_" and NOT in "_X_"
3. I renamed "_" to "_X_" found NOTHING.
Hope this helps.
Saso
#6
Posted 16 November 2009 - 07:51 AM
I've pinged the def's team concerning this one, they should get back to you shortly.
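The pattern in the scan log and rename tests above (a folder flagged together with every file in it, under one detection name, whatever the file type) can be checked mechanically when triaging a suspected false positive. This is an added example, not part of the thread and not Malwarebytes tooling; the function names and the shortened `[ID]` placeholder are assumptions, and the result is a triage hint, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the format of the detection lines in the log above
# (the trailing bracketed number is shortened to the placeholder [ID]).
SAMPLE_LOG = r"""
Folders Infected:
C:\_ (Backdoor.Bot) -> No action taken. [ID]
Files Infected:
C:\_\dvd728.txt (Backdoor.Bot) -> No action taken. [ID]
C:\_\list.txt (Backdoor.Bot) -> No action taken. [ID]
C:\_\WIPkozolec1.jpg (Backdoor.Bot) -> No action taken. [ID]
"""

# "<path> (<detection name>) -> <action>"; paths may contain spaces.
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> ")


def parse_detections(log):
    """Return [(PureWindowsPath, detection_name)] for every detection line."""
    hits = []
    for line in log.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((PureWindowsPath(m["path"]), m["name"]))
    return hits


def path_keyed_suspects(hits):
    """Folders that were flagged themselves and whose flagged contents all
    carry the same detection name: a sign the rule matched the path."""
    suspects = {}
    for folder, name in hits:
        children = [(p, n) for p, n in hits if folder in p.parents]
        if children and all(n == name for _, n in children):
            suspects[str(folder)] = {
                "name": name,
                "items": len(children),
                "extensions": sorted({p.suffix.lower() for p, _ in children}),
            }
    return suspects


if __name__ == "__main__":
    for folder, info in path_keyed_suspects(parse_detections(SAMPLE_LOG)).items():
        print(folder, info)
```

A folder reported this way is a candidate for the rename-and-rescan test described in the posts above before any files are quarantined.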