MBAM FP _ISDel.exe

Discussion in 'other anti-malware software' started by FanJ, Apr 20, 2013.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    MBAM is giving FP's:

    C:\SWSETUP\Adobe\_ISDel.exe (Spyware.Zbot) -> No action taken.
    C:\SWSETUP\AppInstl\_ISDel.exe (Spyware.Zbot) -> No action taken.
    C:\SWSETUP\Default\Disk1\_ISDel.exe (Spyware.Zbot) -> No action taken.
    C:\SWSETUP\Touchpad\_ISDel.exe (Spyware.Zbot) -> No action taken.

    ON XP-home SP3

    All 4 files are the same.
    MD5 : 51161BF79F25FF278912005078AD93D5

    Scanned the first one at VT; only MBAM is giving there a warning.

    Checksums for C:\SWSETUP\Adobe\_ISDel.exe
    SHA256: b5dc0feb738a91ce3cfa982647fe2779787335c6c2c598d5b49818565d7c3e84
    SHA1: 13cb580aa1d2823ca0f748b1fc262b7db1689f19
    MD5: 51161bf79f25ff278912005078ad93d5

    Sorry, no time to run a developer log. I will only have time later in the evening.
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Hi Gerard,

    If that would mean that I have to read some "captcha" (or whatever it is called), then that will not happen because I cannot read them; period.

    I'm not exactly in the mood for this at the moment, to say the least; preparing for a commemoration tomorrow in memory of my beloved brother.

    I'm not posting errors/FPs for my glory but for the benefit of the companies involved.

    Anyway, here follows the dev.log and then I'm out of this.

    ===

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.20.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    (user) :: XXXXX [administrator]

    20-4-2013 17:06:51
    MBAM-log-2013-04-20 (18-17-47).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 271326
    Time elapsed: 1 hour(s), 1 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\SWSETUP\Adobe\_ISDel.exe (Spyware.Zbot) -> No action taken. [173cf4f678f36ec8a7d79a7df01142be]
    C:\SWSETUP\AppInstl\_ISDel.exe (Spyware.Zbot) -> No action taken. [2e252ebc9ecd4fe7aed05fb86b960ef2]
    C:\SWSETUP\Default\Disk1\_ISDel.exe (Spyware.Zbot) -> No action taken. [d97a3ab01a51ba7cf48a789fb54c857b]
    C:\SWSETUP\Touchpad\_ISDel.exe (Spyware.Zbot) -> No action taken. [4d0616d4214afb3ba9d58394a55c3ec2]

    (end)
     
    Last edited: Apr 22, 2013
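    The detection lines in the developer log above have a fixed shape: path, detection name in parentheses, the action taken, and (in developer logs only) a bracketed 32-character hex tag. As an added example, not code from this thread or from Malwarebytes, here is a small Python parser that pulls those records out of a pasted log, checks them against the "Files Detected: N" header, and groups paths by detection name so that a batch of suspected false positives can be reported per signature. The sample lines are copied from the log above; the function names are my own.

```python
import re
from typing import Dict, List

# Sample input: the "Files Detected" section of the developer log above.
SAMPLE_LOG = """Files Detected: 4
C:\\SWSETUP\\Adobe\\_ISDel.exe (Spyware.Zbot) -> No action taken. [173cf4f678f36ec8a7d79a7df01142be]
C:\\SWSETUP\\AppInstl\\_ISDel.exe (Spyware.Zbot) -> No action taken. [2e252ebc9ecd4fe7aed05fb86b960ef2]
C:\\SWSETUP\\Default\\Disk1\\_ISDel.exe (Spyware.Zbot) -> No action taken. [d97a3ab01a51ba7cf48a789fb54c857b]
C:\\SWSETUP\\Touchpad\\_ISDel.exe (Spyware.Zbot) -> No action taken. [4d0616d4214afb3ba9d58394a55c3ec2]

(end)
"""

# One line: <path> (<name>) -> <action>. [<32 hex>]  (the tag is optional: dev logs only)
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>[^.]+)\."
    r"(?: \[(?P<tag>[0-9a-f]{32})\])?$"
)
COUNT_RE = re.compile(r"^Files Detected: (?P<n>\d+)$")

def parse_files_detected(log: str) -> List[Dict[str, str]]:
    """Return the records under 'Files Detected: N' as dicts (path, name, action, tag).
    Raises ValueError when the header count and the parsed lines disagree."""
    declared, records, in_section = None, [], False
    for raw in log.splitlines():
        line = raw.strip()  # forum pastes usually carry leading indentation
        m = COUNT_RE.match(line)
        if m:
            declared, in_section = int(m.group("n")), True
            continue
        if not in_section:
            continue
        if not line:  # a blank line closes the section
            break
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed detection line: {line!r}")
        records.append(m.groupdict())
    if declared != len(records):
        raise ValueError(f"header says {declared} files, parsed {len(records)}")
    return records

def group_by_name(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group paths by detection name: one FP report per signature, not per file."""
    groups: Dict[str, List[str]] = {}
    for r in records:
        groups.setdefault(r["name"], []).append(r["path"])
    return groups
```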
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    PS:
    I noticed it was fixed; did a scan with Database version: v2013.04.20.08
     
  5. RubbeR DuckY

    RubbeR DuckY Developer

    Joined:
    Jul 7, 2006
    Posts:
    205
    Thanks for reporting it! I know our research team browses here vigorously, so I'm sure they picked it up :).
     
  6. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    The file was also added to the shim server.
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    After updating recently to the latest version of MBAM, I started getting a detection which I did report in beta testing in the MBAM forums.

    So, because it bugged me and I know it's just an archive file on my system, I have just decided to ignore it. No biggie.

    P.S. Sorry for seemingly hijacking this thread...I hope I am forgiven. ;)

    P.P.S. Also, seeing if someone from Malwarebytes will notice my post. :)

     
  8. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I just ran a scan, and now have this detection for the first time in the same location...another archive file.

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.23.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    *****Identifying details removed*****

    Protection: Disabled

    24/04/2013 10:10:19 AM
    MBAM-log-2013-04-24 (10-22-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 218430
    Time elapsed: 9 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\downloads\revosetup1.34.exe (Trojan.ModifiedUPX) -> No action taken.

    (end)
     
    Last edited: Apr 23, 2013
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875

    Here we go...~Virus Total results removed per forum policy. Post the results on the MBAM forum.~
     
    Last edited by a moderator: Apr 23, 2013
  11. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    Sorry Tarnak, didn't know VT links were against the rules.

    Please post the links at our forum link above and we will get this fixed asap.
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    OK...will do!
     
  13. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    We were able to find the file. Fixed in the next update.
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    See my reply in your FP forum... Sorry for getting your nickname wrong in the title.
     
  15. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    Thanks Tarnak. Working on fixing these now.
     
  16. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Hi,
    Malwarebytes Pro 1.75.0.1300 is picking up Zemana's Key-logger Simulation Test as a Trojan.Keylogger. Whenever I execute key_sim.exe, MBAM quarantines it. Could someone from MBAM look into this? Here's its download link...

    -http://www.zemana.com/LeakTest/simulation-programs/key_sim.exe-

    Thanks.

    Bob
     
    Last edited by a moderator: Apr 24, 2013
  17. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Wow! Talk about fast service. The Zemana Key-Logger Simulation Test (key_sim.exe) has already been listed as a safe file with the latest update (it's not being quarantined now).

    Nice.

    Thanks, MBAM.

    Later...

    Bob
     
    Last edited by a moderator: Apr 24, 2013
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yeah, though one thing I would like to change is that the Mods leave the MD5 so that you (or another vendor/dev) are able to search on VT after the direct link has been removed. Since posting MD5s is afaik not against the TOS. :doubt:
     