e3henri

wextract.exe (Trojan.Vundo)

10 posts in this topic

After updating to 1820 it detects a Vundo Trojan in wextract.

After a successful removal and a new scan it is still there.

This was not present in 1819. False?

I just removed a lot of trojans with this excellent tool (I didn't know I had them and I thought I was an experienced user who doesn't get "stuff" in my computer) so I'm a bit anxious right now to get my machine totally clean.

Great program. Finds more than Spyware doctor

(Swedish log file - sorry for that)

Malwarebytes' Anti-Malware 1.34

Databasversion: 1820

Windows 5.1.2600 Service Pack 3

2009-03-05 10:53:35

mbam-log-2009-03-05 (10-53-35).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 65168

F


Developer log:

Infekterade filer:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> Quarantined and deleted successfully.


I have exactly the same

Malwarebytes' Anti-Malware 1.34

Database version: 1820

Windows 5.1.2600 Service Pack 3

05/03/2009 10:05:17

mbam-log-2009-03-05 (10-05-03).txt

Scan type: Quick Scan

Objects scanned: 104289

Time elapsed: 1 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

Had the same as reported in this thread.

I created this new thread since it looks like the old wextract problem was solved over a week ago and this new issue is started from 1820.

But let the admins decide what to do.

Hope to get any feedback soon.

But since there are at least 3 people reporting this in the last 30 minutes and think it is false.


I got something similar to that as well. 3 instances of wextract.exe appeared when I performed a full scan. So now I'm just sitting here with the results page open wondering if it's safe to remove them.

Files Infected:

C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.

C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.

I am getting tired; would it make a difference if I were to remove them?

Sorry if this is the wrong place to post.


I removed mine (in service32\) and it says successfully removed. After a new smart scan it is still there.

Don't know if the remove does anything in the case.


I also had the same today with wextract.exe. I allowed it to be deleted, figuring I can always restore it from quarantine if it turns out to be an FP.

Steve


Hmm alrighty then.

I'm just afraid if I were to shutdown and go to sleep that it'll damage my computer or if I were to delete them and it ends up as a false positive that it'll damage my computer.

I'm not too experienced in false positives so any clarification is appreciated. ^^;


Confirmed as F/P.

Please add to your ignore list and/or restore from quarantine.

This should be fixed shortly in defs update.
