Trojan In Malwarebytes?

I installed Malwarebytes on my USB, since it was a lightweight antivirus, but then I noticed a weird file named mbam-dor.exe. I double-clicked it and then BitDefender gave me this warning.

So I uploaded the file to VirusTotal and 4 antiviruses recognized it.

Directly scanning the file will give no warning.

So is this real malware?

Hmm, I tried to upload this file and I got this warning:

Error Upload failed. You are not permitted to upload this type of file

EDIT: OK, got it. I forgot to put it in the zip file. Password: infected

Please analyze, and the file it creates



  • rootkit
    edited October 2008
    I installed malwarebytes on my usb, since it was a lightweight antivirus.....

    WRONG!

    Malwarebytes Anti-Malware is not an antivirus software.

    It's an antispyware program. :rolleyes:

    The file looks clean.

    Please upload the file(s) from your screenshot in an archive, protected with the password infected.

    Attach the archive in your next post here.

  • Theoracle117
    edited October 2008

    How do I do that? BitDefender deletes the file upon creation.

    ANTISPYWARE? :( I am disappointed.

    EDIT: The mbam-dor.exe file attempts to create a different .sys file every time!

  • OK, I tried scanning with real-time protection off. I scanned my drivers folder, where the virus was created, and it found these files:

    Product : BitDefender Total Security 2009

    Version : BitDefender UIScanner v.12

    Scanning task : Contextual Scan

    Log date : 09:02:15 05/10/2008

    Log path : C:\Documents and Settings\Chuanping\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1223222535_1_01.xml

    Scan Paths:

    Path 0000: C:\WINDOWS\system32\drivers

    Scan Options:

    Scan for viruses : Yes

    Scan for adware : Yes

    Scan for spyware : Yes

    Scan for applications : Yes

    Scan for dialers : Yes

    Scan for rootkits : No

    Target Selection Options:

    Scan registry keys : No

    Scan cookies : No

    Scan boot sectors : No

    Scan memory processes : No

    Scan archives : Yes

    Scan runtime packers : Yes

    Scan emails : Yes

    Scan all files : Yes

    Heuristic Scan : Yes

    Scanned extensions :

    Excluded extensions :

    Target Processing:

    Default action for infected objects : Disinfect

    Default action for suspicious objects : None

    Default action for hidden objects : None

    Default action for encrypted infected objects : None

    Default action for encrypted suspicious objects : None

    Default action for password-protected objects : None

    Scan engines summary

    Number of virus signatures : 1837735

    Archive plugins : 43

    Email plugins : 6

    Scan plugins : 12

    System plugins : 5

    Unpack plugins : 7

    Overall scan summary

    Scanned items : 123

    Infected items : 3

    Suspicious items : 0

    Resolved items : 3

    Unresolved items : 0

    Password-protected items : 0

    Individual viruses found : 2

    Scanned directories : 3

    Scanned boot sectors : 0

    Scanned archives : 2

    Input-output errors : 1

    Scan time : 00:00:28

    Files per second : 4

    Scanned processes summary

    Scanned : 0

    Infected : 0

    Scanned registry keys summary

    Scanned : 0

    Infected : 0

    Scanned cookies summary

    Scanned : 0

    Infected : 0

    Resolved issues:

    Object Name Threat Name Final Status

    C:\WINDOWS\system32\drivers\qqvyfnv.sys Trojan.Avenger.B Deleted

    C:\WINDOWS\system32\drivers\tfsaica.sys Trojan.Avenger.B Deleted

  • OK, I think I got one of the files.

    Malwarebytes (the dor.exe file) creates a differently named .sys file in the drivers directory every time, so I can't really upload all of them.

    NOTE: The file was scanned and quarantined by ClamWin .94, and so the file has an "infected." in front of it.

    BitDefender deletes the file upon detection and mbam-dor.exe gives the trojan a new name every time, so I had to use ClamWin.


  • Case closed. I emailed the company that made Malwarebytes. Details in this thread

  • Dear sir,

    We are sorry for any inconveniences caused by this event.

    Detection has been removed and the file should be seen as clean after the next update.

    Thank you for submitting.

  • You're welcome

    And no worries, there was no trouble. :)