manero_manero

False positive

6 posts in this topic

Hi, in the two logs of MalwareBytes has identified malware in plugin of banks in Brazil.

Look:

Malwarebytes' Anti-Malware 1.34

Vers

Share this post


Link to post
Share on other sites
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uni.gpc (Trojan.Agent) -> No action taken.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uni.gpc (Trojan.Agent) -> No action taken.

Arquivos infectados:

C:\WINDOWS\Downloaded Program Files\uni.gpc (Trojan.Agent) -> No action taken.

It's true. In the first log, this entrances are from GBPlugin used by brazilian bank Unibanco. This is the legit files of this plugins:

gbiehuni.dll

Tamanho: 368640 bytes

MD5: 7b175796380360b0ae0d020c330f2045

C:\Arquivos de programas\GbPlugin\gbiehuni.dll

uni.gpc

Tamanho: 33312 bytes

MD5: 6833c0cd3ace03108d957313b9e00408

C:\Arquivos de programas\GbPlugin\uni.gpc

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlug...GbPluginUni.cab

O20 - Winlogon Notify: GbPluginUni - C:\Arquivos de programas\GbPlugin\gbiehuni.dll

----------

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Not selected for removal.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Not selected for removal.

In the second log, this entrances too are legitime. Belongs to internet banking plugin of Caixa.

This is the legit files of this plugins:

cef.gpc

Tamanho: 64431 bytes

MD5: 1D224338D4BB9A5B15D46496BBD5056D

C:\Arquivos de programas\GbPlugin\cef.gpc

gbiehcef.dll

Tamanho: 366672 bytes

MD5: 285176E4BC7D6778D9740E69BC584302

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

Marcin/Bruce, please review this false positive.

:rolleyes:

Share this post


Link to post
Share on other sites

In attention on your message Bruce .. the log:

Malwarebytes' Anti-Malware 1.34

Vers

Share this post


Link to post
Share on other sites

Thanks , resolved in next update .

Share this post


Link to post
Share on other sites
make sure to remind all guests with potential FPs to generate a dev log with the instructions

Sorry, I'll do in the next report.

resolved in next update .

Thanks a lot!

;)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.