FP : K-Lite as Trojan.Refroso


5 replies to this topic

#1 Falkra

Falkra

    Elite Member

  • Experts
  • 544 posts
  • Gender:Male
  • Location:France
  • Interests:Languages : French, Spanish, English.

Posted 14 August 2009 - 07:57 AM

Hello, ;)

Here is a probable new FP on K-Lite, with the latest database. I asked the user (it is not on my machine) for a developer log:

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2622
Windows 5.1.2600 Service Pack 2

14/08/2009 14:51:21
mbam-log-2009-08-14 (14-51-17).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 118251
Temps écoulé: 7 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Real Alternative\mpclauncher.exe (Trojan.Refroso) -> No action taken. [41345241302219262217666826701967212518212220172519711726231819177020222266]
C:\Program Files\Real Alternative\settings.exe (Trojan.Refroso) -> No action taken. [41345241302219262217666826701967212518212220172519711726231819177020222266]
C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe (Trojan.Refroso) -> No action taken. [41345241302219262217666826701967212518212220172519711726231819177020222266]



#2 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 14 August 2009 - 08:31 AM

I am getting conflicting reports online about what this decodes to. I am delisting it for now but would love a copy of that file if possible.
Bruce Harrison
Vice President of Research


#3 Falkra

Posted 14 August 2009 - 08:37 AM

I asked the user to upload the three mentioned files for me and, if he still has it, the installer he used, since his version of K-Lite may not be the most recent one.

Update: I have the same database, and when I separately install Real Alternative (with MP Classic), latest version, I get no detection. Same thing with the latest K-Lite pack (Mega pack version, with tools and Real Alternative).
It could be an old version, so we need his specific files.

#4 Falkra

Posted 15 August 2009 - 07:58 AM

The user will be back on Monday. I think the files should be available, but we'll have to wait a little bit.

#5 Falkra

Posted 18 August 2009 - 05:03 PM

I am delisting it for now but would love a copy of that file if possible.

It was quite long, but I finally got the three files from the user.

Attached File  The3files.zip   922.86KB   41 downloads

#6 Falkra

Posted 23 August 2009 - 01:54 AM

Little up.
