Einstein

Experts
  • Posts

    138
  • Joined

  • Last visited

Reputation

0 Neutral

About Einstein

  • Birthday 09/13/1979

Contact Methods

  • Website URL
    http://www.linhadefensiva.org
  • ICQ
    0

Profile Information

  • Location
    Sao Paulo, Brazil
  1. Rest in peace Matt :'(

  2. nosirrah, anything new on it? IRPF is quite popular in Brazil, installed on millions of machines. I think it's good to fix it ASAP. If you want, I can try to install it and generate the developer's log.
  3. Yeah, I know, but for me it's impossible to create this log on the user's machine. I saw it in a log on a forum: http://forum.clubedohardware.com.br/showpo...amp;postcount=1
  4. I don't have the files here, but MBAM is flagging some legitimate files belonging to IRPF, the Brazilian IRS:

     C:\Arquivos de programas\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Arquivos de programas\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Arquivos de programas\Programas SRF\IRPF2004\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     D:\Backup\Arquivos de programas\Programas SRF\IRPF2003\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     D:\Backup\Arquivos de programas\Programas SRF\IRPF2004\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     D:\Backup\Arquivos de programas\Programas SRF\IRPF2005\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
     D:\Backup\Arquivos de programas\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

     You can download the latest version of the program here: http://www.receita.fazenda.gov.br/PessoaFi...d-programas.htm
  5. Congratulations Malwarebytes and Merijn!!!!
  6. Hello guys, I reported this false positive to the PDM Team of Kaspersky, because it is a generic detection by the heuristic. I installed MBAM a few minutes ago and nothing was detected here (using KAV 2010). If the detection still persists, please warn me.
  7. Congratulations to the whole team for this great effort!
  8. Sorry, I'll do it in the next report. Thanks a lot!
  9. It's true. In the first log, these entries are from GBPlugin, used by the Brazilian bank Unibanco. These are the legit files of this plugin:

     gbiehuni.dll
     Tamanho: 368640 bytes
     MD5: 7b175796380360b0ae0d020c330f2045
     C:\Arquivos de programas\GbPlugin\gbiehuni.dll

     uni.gpc
     Tamanho: 33312 bytes
     MD5: 6833c0cd3ace03108d957313b9e00408
     C:\Arquivos de programas\GbPlugin\uni.gpc

     O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll
     O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab
     O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

     ----------

     In the second log, these entries are legitimate too. They belong to the internet banking plugin of Caixa. These are the legit files of this plugin:

     cef.gpc
     Tamanho: 64431 bytes
     MD5: 1D224338D4BB9A5B15D46496BBD5056D
     C:\Arquivos de programas\GbPlugin\cef.gpc

     gbiehcef.dll
     Tamanho: 366672 bytes
     MD5: 285176E4BC7D6778D9740E69BC584302
     C:\Arquivos de programas\GbPlugin\gbiehcef.dll

     O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
     O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

     Marcin/Bruce, please review this false positive.
  10. GT500: Brazilian users have reported the same freezing in full scans: http://www.linhadefensiva.org/forum/index....showtopic=89105 The topic you refer to only works with version 1.32, not with 1.33. If you try what is described in the topic, this message appears: "The database that you're using its not supported in this version. Download and install the lastest version"
  11. Happy New Year to all members and visitors of Malwarebytes!
  12. And this is the detected file: domino.exe password: mbam Best Regards,