Trojan In Malwarebytes?

Theoracle117
edited October 2008 in Sample submission

I installed Malwarebytes on my USB, since it was a lightweight antivirus, but then I noticed a weird file named mbam-dor.exe. I double-clicked it and then BitDefender gave me this warning.


http://img72.imageshack.us/my.php?image=ma...tesvirusml8.png


So I uploaded the file to VirusTotal and 4 antiviruses recognized it.

Directly scanning the file will give no warning.

So is this real malware?

Hmm, I tried to upload this file and I got this warning:


Error Upload failed. You are not permitted to upload this type of file


EDIT: OK, got it. I forgot to put it in the zip file. Password: infected


Please analyze, and the file it creates

Attachment: mbam_dor.zip

Comments

  • rootkit
    edited October 2008
    I installed Malwarebytes on my USB, since it was a lightweight antivirus.....


    WRONG !


    Malwarebytes Anti-Malware is not an antivirus software.


    It's an antispyware program. :rolleyes:


    http://www.virustotal.com/analisis/23208b7...e3a20048b080918


    The file looks clean.


    Please upload the file(s) from your screenshot in an archive, protected with the password infected.


    Attach the archive in your next post here.


    C:\WINDOWS\system32\drivers\vsfkccsi.sys
  • Theoracle117
    edited October 2008

    How do I do that? BitDefender deletes the file upon creation.

    ANTISPYWARE? :( I am disappointed.

    EDIT: The mbam-dor.exe file attempts to create a different .sys file every time!

  • OK, I tried scanning with real-time protection off. I scanned my drivers folder, where the virus was created, and it found these files:


    Product : BitDefender Total Security 2009
    Version : BitDefender UIScanner v.12
    Scanning task : Contextual Scan
    Log date : 09:02:15 05/10/2008
    Log path : C:\Documents and Settings\Chuanping\Application Data\BitDefender\Desktop\Profiles\Logs\contextual\1223222535_1_01.xml

    Scan Paths:
    Path 0000: C:\WINDOWS\system32\drivers

    Scan Options:
    Scan for viruses : Yes
    Scan for adware : Yes
    Scan for spyware : Yes
    Scan for applications : Yes
    Scan for dialers : Yes
    Scan for rootkits : No

    Target Selection Options:
    Scan registry keys : No
    Scan cookies : No
    Scan boot sectors : No
    Scan memory processes : No
    Scan archives : Yes
    Scan runtime packers : Yes
    Scan emails : Yes
    Scan all files : Yes
    Heuristic Scan : Yes
    Scanned extensions :
    Excluded extensions :

    Target Processing:
    Default action for infected objects : Disinfect
    Default action for suspicious objects : None
    Default action for hidden objects : None
    Default action for encrypted infected objects : None
    Default action for encrypted suspicious objects : None
    Default action for password-protected objects : None

    Scan engines summary
    Number of virus signatures : 1837735
    Archive plugins : 43
    Email plugins : 6
    Scan plugins : 12
    System plugins : 5
    Unpack plugins : 7

    Overall scan summary
    Scanned items : 123
    Infected items : 3
    Suspicious items : 0
    Resolved items : 3
    Unresolved items : 0
    Password-protected items : 0
    Individual viruses found : 2
    Scanned directories : 3
    Scanned boot sectors : 0
    Scanned archives : 2
    Input-output errors : 1
    Scan time : 00:00:28
    Files per second : 4

    Scanned processes summary
    Scanned : 0
    Infected : 0

    Scanned registry keys summary
    Scanned : 0
    Infected : 0

    Scanned cookies summary
    Scanned : 0
    Infected : 0

    Resolved issues:
    Object Name    Threat Name    Final Status
    C:\WINDOWS\system32\drivers\qqvyfnv.sys    Trojan.Avenger.B    Deleted
    C:\WINDOWS\system32\drivers\tfsaica.sys    Trojan.Avenger.B    Deleted

  • OK, I think I got one of the files.

    Malwarebytes (the dor.exe file) creates a differently named .sys file in the drivers directory every time, so I can't really upload all of them.

    NOTE: The file was scanned and quarantined by ClamWin .94 and so the file has an "infected." in front of it.

    BitDefender deletes the file upon detection and mbam-dor.exe gives the trojan a new name every time, so I had to use ClamWin.

    Attachment: infected.qxanm.zip

  • Case closed. I emailed the company that made Malwarebytes. Details in this thread:


    http://forum.bitdefender.com/index.php?showtopic=8616

  • Dear sir,


    We are sorry for any inconveniences caused by this event.


    Detection has been removed and the file should be seen as clean after the next update.


    Thank you for submitting.

  • You're welcome,

    and no worries, there was no trouble. :)