MalwareBot



#1
Jaxryley

Installer may need looking at?
hxxp://www.malwarebot.com/

Quote

File setupxv.exe received on 11.27.2008 11:12:28 (CET)
Current status: finished
Result: 2/37 (5.41%)
Virus Total

#2
sho-dan

Tested:
MBAM and PM flag/remove MalwareBot; installed and ran a MalwareBot scan. The installer setupav.exe (4.99 MB) remains on the desktop and in Add/Remove; these need to be removed manually.

Developers log
Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 3

12/18/2008 6:16:16 AM
mbam-log-2008-12-18 (06-16-16).txt

Scan type: Quick Scan
Objects scanned: 47354
Time elapsed: 43 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 13

Memory Processes Infected:
C:\Program Files\MalwareBot\MalwareBot.exe (Rogue.MalwareBot) -> Failed to unload process.

Memory Modules Infected:
C:\Program Files\MalwareBot\SpyCleaner.dll (Rogue.MalwareBot) -> Delete on reboot.
C:\Program Files\MalwareBot\TCL.dll (Rogue.MalwareBot) -> Delete on reboot.
C:\Program Files\MalwareBot\zlib.dll (Rogue.MalwareBot) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\8bf9cd9f316af4348a9e5930114224af (Rogue.MalwareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\8bf9cd9f316af4348a9e5930114224af (Rogue.MalwareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\malwarebot\ (Rogue.MalwareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\malwarebot\ (Rogue.MalwareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MalwareBot (Rogue.MalwareBot) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\shogun\Application Data\MalwareBot (Rogue.MalwareBot) -> Delete on reboot.
C:\Documents and Settings\shogun\Application Data\MalwareBot\Log (Rogue.MalwareBot) -> Delete on reboot.
C:\Documents and Settings\shogun\Application Data\MalwareBot\Settings (Rogue.MalwareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MalwareBot\DataBase.ref (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareBot\MalwareBot.exe (Rogue.MalwareBot) -> Delete on reboot.
C:\Program Files\MalwareBot\MalwareBot.url (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareBot\SpyCleaner.dll (Rogue.MalwareBot) -> Delete on reboot.
C:\Program Files\MalwareBot\TCL.dll (Rogue.MalwareBot) -> Delete on reboot.
C:\Program Files\MalwareBot\vistaCPtasks.xml (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Program Files\MalwareBot\zlib.dll (Rogue.MalwareBot) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareBot\MalwareBot on the Web.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\MalwareBot\MalwareBot.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\shogun\Application Data\MalwareBot\rs.dat (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\shogun\Application Data\MalwareBot\Log\2008 Dec 18 - 06_11_51 AM_125.log (Rogue.MalwareBot) -> Delete on reboot.
C:\Documents and Settings\shogun\Application Data\MalwareBot\Settings\ScanResults.pie (Rogue.MalwareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\MalwareBot.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully.

#3
Jaxryley


sho-dan, on Dec 18 2008, 07:01 PM, said:

Tested:
MBAM and PM flag/remove MalwareBot; installed and ran a MalwareBot scan. The installer setupav.exe (4.99 MB) remains on the desktop and in Add/Remove; these need to be removed manually.
setupxv.exe not being flagged here nor is the install?




