OSCIVWAR

GoogleUpdateSetup.exe (Trojan.Ransom) FALSE POSITIVE??

11 posts in this topic

MBAM just found two trojans --- GoogleUpdateSetup.exe (Trojan.Ransom) --- is this a false positive?


Hello.

This was corrected earlier in the week, kindly update and rescan.

Hello.

This was corrected earlier in the week, kindly update and rescan.

Thanks, I just did update and they were found again. Here is the LOG.

Malwarebytes' Anti-Malware 1.41

Database version: 3067

Windows 5.1.2600 Service Pack 3

10/31/2009 10:34:10 AM

mbam-log-2009-10-31 (10-34-10).txt

Scan type: Full Scan (C:\|)

Objects scanned: 22259

Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Olin\Local Settings\Apps\2.0\560Y36W3.658\2VBB0TM6.D8J\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406d71b53cc551\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

C:\Documents and Settings\Olin\Local Settings\Apps\2.0\560Y36W3.658\2VBB0TM6.D8J\goog...app_9a8dfcd080ccb114_0001.0002_d7d35fd2a0f2e170\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

http://www.malwarebytes.org/forums/index.php?showtopic=3228

Use this to generate a developer's log; it will have info I can use to troubleshoot this.

I restored the quarantined files and then rescanned as indicated. Now it picked up four infections, which I again quarantined. Hope I am doing this correctly.

Below is the logfile.

Malwarebytes' Anti-Malware 1.41

Database version: 3068

Windows 5.1.2600 Service Pack 3

10/31/2009 11:15:56 AM

mbam-log-2009-10-31 (11-15-56).txt

Scan type: Full Scan (C:\|)

Objects scanned: 131049

Time elapsed: 17 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Olin\Local Settings\Apps\2.0\560Y36W3.658\2VBB0TM6.D8J\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406d71b53cc551\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [41345241305383807566791551667984807813012217702466197026696669171770186620236722186820711721202266196722]

C:\Documents and Settings\Olin\Local Settings\Apps\2.0\560Y36W3.658\2VBB0TM6.D8J\goog...app_9a8dfcd080ccb114_0001.0002_d7d35fd2a0f2e170\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [41345241305383807566791551667984807813012217702466197026696669171770186620236722186820711721202266196722]

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0404264.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [41345241305383807566791551667984807813012217702466197026696669171770186620236722186820711721202266196722]

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0404265.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [41345241305383807566791551667984807813012217702466197026696669171770186620236722186820711721202266196722]

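The developer's log above lists four hits, but two of them are System Restore copies (under System Volume Information\_restore{...}\RPnnn) of the same two ClickOnce-cached files, all carrying the same bracketed signature id. The following parser is an added example written for this thread, not code from Malwarebytes or from any poster: it reads the MBAM 1.41 log layout (summary "Section: N" lines followed by "Section:" lists of "path (verdict) -> action [id]" entries), checks that each declared count matches the items actually listed, and groups the file hits by signature id while separating live files from restore-point copies, which is the first thing to check when judging whether a detection is one false positive repeated or several independent ones. The embedded sample is an abridged copy of the posted log; the bracketed signature id in it is a shortened, constructed stand-in for the long number the real log prints.

```python
import re
from collections import defaultdict

# Constructed sample input: an abridged copy of the MBAM 1.41 developer log posted in the
# thread. The "[4134524130]" signature id is a shortened stand-in for the real log's long id.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3068
Windows 5.1.2600 Service Pack 3
10/31/2009 11:15:56 AM
Scan type: Full Scan (C:\|)
Objects scanned: 131049
Time elapsed: 17 minute(s), 35 second(s)
Registry Keys Infected: 0
Files Infected: 4

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Olin\Local Settings\Apps\2.0\560Y36W3.658\2VBB0TM6.D8J\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406d71b53cc551\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [4134524130]
C:\Documents and Settings\Olin\Local Settings\Apps\2.0\560Y36W3.658\2VBB0TM6.D8J\goog...app_9a8dfcd080ccb114_0001.0002_d7d35fd2a0f2e170\GoogleUpdateSetup.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [4134524130]
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0404264.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [4134524130]
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP767\A0404265.exe (Trojan.Ransom) -> Quarantined and deleted successfully. [4134524130]
"""

# "Key: value" summary lines that precede the first section list.
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")
# One detection: greedy path, then "(verdict) -> action" and an optional "[signature id]".
DETECTION_RE = re.compile(
    r"^(?P<path>.+) \((?P<verdict>[^()]+)\) -> (?P<action>.+?)(?: \[(?P<sigid>\d+)\])?$"
)
# Windows XP System Restore snapshot location, e.g. C:\System Volume Information\_restore{GUID}\RP767\
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)


def parse_mbam_log(text):
    """Split a log into its summary key/value lines and a {section: [detection dicts]} map."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):                 # "Files Infected:" opens a section list
            current = line[:-1]
            sections.setdefault(current, [])
            continue
        if current is None:                    # still in the summary block
            m = SUMMARY_RE.match(line)
            if m:
                summary[m.group("key")] = m.group("value")
            continue
        if line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if m:
            sections[current].append(m.groupdict())
    return summary, sections


def reconcile_counts(summary, sections):
    """Return {section: (declared, listed)} for every section whose count and list disagree."""
    mismatches = {}
    for name, items in sections.items():
        declared = int(summary.get(name, "0"))
        if declared != len(items):
            mismatches[name] = (declared, len(items))
    return mismatches


def triage(detections):
    """Group file hits by (verdict, signature id), separating live files from restore-point copies."""
    groups = defaultdict(lambda: {"live": [], "restore_point_copies": []})
    for d in detections:
        bucket = "restore_point_copies" if RESTORE_POINT_RE.match(d["path"]) else "live"
        groups[(d["verdict"], d["sigid"])][bucket].append(d["path"])
    return dict(groups)


def summarize(text):
    """One-shot triage: database version, count mismatches, and (live, restore copies) per signature."""
    summary, sections = parse_mbam_log(text)
    groups = triage(sections.get("Files Infected", []))
    return {
        "database_version": summary.get("Database version"),
        "count_mismatches": reconcile_counts(summary, sections),
        "signatures": {
            f"{verdict} [{sigid}]": (len(g["live"]), len(g["restore_point_copies"]))
            for (verdict, sigid), g in groups.items()
        },
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, every file hit collapses into a single signature with two live files and two restore-point copies and the declared counts all reconcile, which is what you would expect from one signature misfiring on one legitimately cached installer rather than from several distinct infections. A run whose counts do not reconcile, or whose hits spread across several signature ids, deserves a closer look before anything is restored from quarantine.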
Fixed in the next update.

Thank you, Sir! I will restore the files and rescan after the next update becomes available.


All is now well. Suspect files were restored and the computer rescanned with no apparent infections.

Question: After having run the MBAM developer's scan, there is an MBAM "runcleanupscript" program in my start-up list. Should it now be disabled or removed?

Thanks for a job very well done.


The runcleanupscript entry should normally be removed automatically by the program itself; however, there is an issue with the current version of MBAM where it doesn't always do so. To get rid of the entry, run the fix posted here appropriate to your version of Windows.


All problems were solved in very short order. MBAM is most certainly to be congratulated for having a fine program and responding to queries in this forum in a rapid and professional manner.

Thanks to everyone, and keep up the excellent work!


Excellent, I'm glad it's resolved <_< . If you need anything else, just post.

Thanks :)
