Sign in to follow this  
Followers 0
The CID

WinSys2.exe

3 posts in this topic

Malwarebytes' Anti-Malware 1.30

Database version: 1404

Windows 5.1.2600 Service Pack 3

19/11/2008 10:03:51 a.m.

mbam-log-2008-11-19 (10-03-51).txt

Scan type: Complete Scan (C:\|)

Objects scanned: 26443

Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsys2 (Spyware.OnlineGames) (*)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\WinSys2.exe (Spyware.OnlineGames) (*)

(*)

This appeared today, I did not have it yesterday.

Today I installed NVIDIA+MSI Driver 162.18 for my graphic card MSI NX7600GS T2D-256E (NVIDIA GeForce 7600 GS 256Mb PCI-E) from MSI main site.

I activated the D.O.T. (Dynamic Over-Clocking Technology) at "Commander" level (10% of over-clocking).

This program loads itself at startup and activates itself when I require some intense graphic use. Only when this program activates itself Malwarebytes detects it.

I am uploading the program. I put it in a ZIP:

File name: WinSys2.exe

Location: C:\WINDOWS\system32

Size: 208.896 bytes

Creation Date: April 29, 2006

Version of the file: 1.0.0.2

Description: DOT MFC Application

Original name: DOT.exe

Thanks!

WinSys2.zip

WinSys2.zip

Share this post


Link to post
Share on other sites

I think I can modify things enough that we can still hit the malware version of this while missing the legit version .

I need to know what happens when you scan with defs version 1413 (will be out later tonight) .

Share this post


Link to post
Share on other sites
I think I can modify things enough that we can still hit the malware version of this while missing the legit version .

I need to know what happens when you scan with defs version 1413 (will be out later tonight) .

Since Malwarebytes detects the file only when the D.O.T. (Dynamic Over-Clocking Technology) activates itself, I scanned the C:\ while runnig an aplication that should had activated it.

I did the same scan using defs version 1414.

No malicious items were detected at any level.

Regards!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.