d.a.a
Updated and scanned today and these two were detected. I recently installed an Avermedia capture card, but literally everything on my PC is running in a sandbox, so I can't really understand what's happened here.

Both files on VT:
https://www.virustotal.com/en/file/6648ffa82034fbc4e3047a946c2e3baeade31127be2b3c68d37b800b8815210b/analysis/1364459114/
https://www.virustotal.com/en/file/6648ffa82034fbc4e3047a946c2e3baeade31127be2b3c68d37b800b8815210b/analysis/1364459792/

----

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
d :: D-PC [administrator]

28/03/2013 18:30:01
MBAM-log-2013-03-28 (18-30-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231747
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\core.dll (Trojan.Agent) -> No action taken.
C:\Windows\SysWOW64\core.dll (Trojan.Agent) -> No action taken.

(end)
-
The file appears to have been deleted after a restart anyway. Not entirely sure what happened... thanks.
-
Great, thanks. Should I wait for an update before removing, if it's harmless?
-
Updated and scanned, and this thing showed up. No changes, aside from a Microsoft mouse driver being installed.

0/43 on VirusTotal

Here's a developer log and the attached file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/10/2010 2:52:37 PM
mbam-log-2010-10-02 (14-52-37).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 494816
Time elapsed: 1 hour(s), 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\e8ed5f9c4648ca30b1a4c53d98d2d47dd40b4eb3.HomeGroupClassifier\353d7bb469bb4834f371bd3e7681988b\grouping\edb003B1.log (Extension.Mismatch) -> No action taken. [88F127E9D8648C4D95FD86711C18BD28]

edb003B1.rar
-
Here you are:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/08/2010 7:08:54 PM
mbam-log-2010-08-10 (19-08-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 244320
Time elapsed: 26 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Last.fm\killer.exe (Worm.Koobface) -> No action taken. [66CBB64F59FA91A344C805C779E2D549]
-
I haven't scanned since around August 6th, today I updated (the 10th), and this thing showed up. Did you fix it in the recent update or has something gone wrong with my MBAM? Thanks!
-
2Ton, try updating -- it shouldn't be detected with the latest updates.
-
Yep.. as you can see there were some issues earlier, so let us hope this one is resolved quickly too!
-
This issue appears to be fixed, but after scanning with 1820, wextract.exe is flagged as "Trojan.Vundo".

Developer mode log:

Malwarebytes' Anti-Malware 1.34
Database version: 1820
Windows 5.1.2600 Service Pack 3

3/5/2009 7:33:45 PM
mbam-log-2009-03-05 (19-33-41).txt

Scan type: Quick Scan
Objects scanned: 58181
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken. [5253514247403034173621171717182334393639392422172539391822352118181717171822373 61917251717363636363636363636362535393922222535383625182437173635181717171717172 4 22181725202437181717172422173425202437182139382422172120203617383518253939242218 2 13939242218173939242217363939242217253939202234173621171717183939182235361818171 7 171822373619]
-
I've attached an image from when I click 'jump to location'. Seems it's to do with Process Explorer.
-
Have just detected the same one -- you guys have "Process Explorer" installed? I'm inclined to believe that it may be related to the "take over taskmgr.exe" feature of it.
-
Malwarebytes' Anti-Malware 1.34
Database version: 1792
Windows 5.1.2600 Service Pack 3

2/22/2009 2:44:54 PM
mbam-log-2009-02-22 (14-44-54).txt

Scan type: Quick Scan
Objects scanned: 18664
Time elapsed: 10 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-
Testing now. Why do you think this has occurred after the installation of Sandboxie? I guess chances are it isn't even related and I'm scanning at the wrong time, haha! Thanks again.