MAM Posted January 6, 2010 ID:180840 Share Posted January 6, 2010 Is this a real infection, or a False Positives from Malwarebytes' Anti-Malware ?Because Kaspersky Internet Security 8.0.0.506 found nothing by me.The Log from Malwarebytes' Anti-Malware:Malwarebytes' Anti-Malware 1.43Database version: 3504Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870206.01.2010 21:46:34mbam-log-2010-01-06 (21-46-32).txtScan type: Full Scan (C:\|D:\|E:\|F:\|)Objects scanned: 166912Time elapsed: 30 minute(s), 48 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 6Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021061.exe (Trojan.Patch) -> No action taken. [EB6767FA8BE8439F370DCAD7AFBC9DE3]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021062.exe (Virus.Virut) -> No action taken. [DA21FA5F518022407F43F9AF2AC1EA26]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021063.exe (Virus.Virut) -> No action taken. [314A6BC28F7FC3E42482EBBA1A384C02]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022161.exe (Keylogger.Ardamax) -> No action taken. [8DE0F519BADCC5D79B6A163ED264187F]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022170.exe (Monitor.PerfLogger) -> No action taken. [20CC1F9A4CF85E3D7DD844E5FA4AB37E]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022171.exe (Monitor.PerfLogger) -> No action taken. [C81089F7DC0EA09B6FEE19958A9AB26D]MAM Link to post Share on other sites More sharing options...
MAM Posted January 7, 2010 Author ID:181028 Share Posted January 7, 2010 Now i have this result:Malwarebytes' Anti-Malware 1.43Database version: 3507Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870207.01.2010 10:52:52mbam-log-2010-01-07 (10-52-49).txtScan type: Full Scan (C:\|D:\|E:\|F:\|)Objects scanned: 167072Time elapsed: 30 minute(s), 46 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 8Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021061.exe (Trojan.Patch) -> No action taken. [EB6767FA8BE8439F370DCAD7AFBC9DE3]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021062.exe (Virus.Virut) -> No action taken. [DA21FA5F518022407F43F9AF2AC1EA26]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021063.exe (Virus.Virut) -> No action taken. [314A6BC28F7FC3E42482EBBA1A384C02]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP100\A0021069.exe (HackTool.Hiderun) -> No action taken. [bFAF0A3EFAC39AE182706AECDA39A92C]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022161.exe (Keylogger.Ardamax) -> No action taken. [8DE0F519BADCC5D79B6A163ED264187F]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022170.exe (Monitor.PerfLogger) -> No action taken. [20CC1F9A4CF85E3D7DD844E5FA4AB37E]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022171.exe (Monitor.PerfLogger) -> No action taken. [C81089F7DC0EA09B6FEE19958A9AB26D]F:\System Volume Information\_restore{2F8603EE-B839-4B83-BEEF-4051E8BD7D28}\RP101\A0022177.exe (HackTool.Hiderun) -> No action taken. [bFAF0A3EFAC39AE182706AECDA39A92C]Is this a False Positives ?MAM Link to post Share on other sites More sharing options...
nosirrah Posted January 7, 2010 ID:181046 Share Posted January 7, 2010 System Volume Information\_restoreThat is system restore . Any infections that have ever been in your system are backed up there just like like any other executables . These are not FPs , just remove them . Link to post Share on other sites More sharing options...
Fatdcuk Posted January 7, 2010 ID:181055 Share Posted January 7, 2010 MAM they are from the malware files that you uploaded to the research centre.Your system restore has saved them despite you deleting them from your drive Link to post Share on other sites More sharing options...
JoleFindsTheRogues Posted January 7, 2010 ID:181069 Share Posted January 7, 2010 Ye that happens to me too , system restore backs up the .exes . Link to post Share on other sites More sharing options...
MAM Posted January 7, 2010 Author ID:181081 Share Posted January 7, 2010 Oh, my goodness !Ok, thanks for the replay, ihave deleted this crap MAM Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now