Trojan In Malwarebytes?
I installed Malwarebytes on my USB, since it was a lightweight antivirus, but then I noticed a weird file named mbam-dor.exe. I double-clicked it and then Bitdefender gave me this warning.
http://img72.imageshack.us/my.php?image=ma...tesvirusml8.png
So I uploaded the file on VirusTotal and 4 antiviruses recognized it.
Directly scanning the file will give no warning.
So is this real malware?
Hmm, I tried to upload this file and I got this warning:
Error Upload failed. You are not permitted to upload this type of file
EDIT: OK, got it. I forgot to put it in the zip file. Password: infected
Please analyze, and the file it creates.
Attachment: mbam_dor.zip
Comments
I installed malwarebytes on my usb, since it was a lightweight antivirus.....
WRONG!
Malwarebytes Anti-Malware is not an antivirus software.
It's an antispyware program.
http://www.virustotal.com/analisis/23208b7...e3a20048b080918
The file looks clean.
Please upload the file(s) from your screenshot in an archive, protected with the password infected.
Attach the archive in your next post here.
C:\WINDOWS\system32\drivers\vsfkccsi.sys
How do I do that? Bitdefender deletes the file upon creation.
ANTISPYWARE? I am disappointed.
EDIT: The mbam-dor.exe file attempts to create a different .sys file every time!
OK, I tried scanning with real-time protection off. I scanned my drivers folder, where the virus was created, and it found these files:
Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Contextual Scan
Log date : 09:02:15 05/10/2008
Log path : C:\Documents and Settings\Chuanping\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1223222535_1_01.xml
Scan Paths:
Path 0000: C:\WINDOWS\system32\drivers
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No
Target Selection Options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summary
Number of virus signatures : 1837735
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 123
Infected items : 3
Suspicious items : 0
Resolved items : 3
Unresolved items : 0
Password-protected items : 0
Individual viruses found : 2
Scanned directories : 3
Scanned boot sectors : 0
Scanned archives : 2
Input-output errors : 1
Scan time : 00:00:28
Files per second : 4
Scanned processes summary
Scanned : 0
Infected : 0
Scanned registry keys summary
Scanned : 0
Infected : 0
Scanned cookies summary
Scanned : 0
Infected : 0
Resolved issues:
Object Name / Threat Name / Final Status
C:\WINDOWS\system32\drivers\qqvyfnv.sys Trojan.Avenger.B Deleted
C:\WINDOWS\system32\drivers\tfsaica.sys Trojan.Avenger.B Deleted
OK, I think I got one of the files.
Malwarebytes (the dor.exe file) creates a differently named .sys file in the drivers directory every time, so I can't really upload all of them.
NOTE: The file was scanned and quarantined by ClamWin .94, so the file has "infected." in front of it.
Bitdefender deletes the file upon detection and mbam-dor.exe gives the trojan a new name every time, so I had to use ClamWin.
Here are some more samples.
Password: infected
Case closed. I emailed the company that made Malwarebytes. Details in this thread.
Dear sir,
We are sorry for any inconveniences caused by this event.
Detection has been removed and the file should be seen as clean after the next update.
Thank you for submitting.
You're welcome,
and no worries, there was no trouble.