Zemana alerted about the following on a Vista laptop!

Discussion in 'other anti-malware software' started by ratchet, Oct 15, 2011.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    I'm not sure if it has anything to do with the MS updates this week. I did allow it as I wasn't even going to enter any passwords anyway. Any theories? Thank you! Here is the log:
    Permission = 1
    Action = Allowed
    Description = Windows Explorer
    Process Name = explorer.exe
    Process Path = C:\Windows\explorer.exe
    Component = explorer.exe
    Company = (Verified) Microsoft Corporation
    Activity = KeyLogger (Type: 3)
    MD5 Hash = D07D4C3038F3578FFCE1C0237F2A1253
    Date = 15/10/2011 - 9:36:56 AM
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    my guess is that Zemana was being 'trigger happy'.
     
  3. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Did a Google search on the given MD5 and found this:

    -http://www.misec.net/trojaninfo/d07d4c3038f3578ffce1c0237f2a1253-

    The site reports the MD5 belongs to a trojan "explorer.exe"

    SourMilk out
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ ratchet

    moontan is "probably" right, but it is odd. It's "possible" that malware etc. "could" have injected itself into explorer.exe.

    Not sure what to make of SourMilk's link ?

    Upload the file to VT etc & scan locally :thumb:
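The two checks suggested in this thread, looking up the logged MD5 and scanning the file on disk, only make sense if the file you scan is the one Zemana hashed. Below is an added triage script (not from the thread, not Zemana's or any vendor's code) that parses the log block ratchet posted, hashes the file on disk and reports whether it still matches the logged MD5, plus a SHA-256 for any online lookup. It assumes the simple `Key = Value` log layout shown in the first post, and for a self-contained run it hashes a constructed temporary file in place of the real explorer.exe.

```python
import hashlib
import os
import tempfile

# Constructed input: the Zemana log block quoted in ratchet's first post, copied verbatim.
SAMPLE_LOG = """\
Permission = 1
Action = Allowed
Description = Windows Explorer
Process Name = explorer.exe
Process Path = C:\\Windows\\explorer.exe
Component = explorer.exe
Company = (Verified) Microsoft Corporation
Activity = KeyLogger (Type: 3)
MD5 Hash = D07D4C3038F3578FFCE1C0237F2A1253
Date = 15/10/2011 - 9:36:56 AM
"""


def parse_zemana_log(text):
    """Turn 'Key = Value' lines into a dict keyed by the lower-cased field name."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:  # skip anything that is not a 'Key = Value' line
            entry[key.strip().lower()] = value.strip()
    return entry


def file_hashes(path, chunk_size=1 << 20):
    """MD5 and SHA-256 of a file in one chunked pass; both returned as upper-case hex."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest().upper(), sha256.hexdigest().upper()


def triage(entry, path):
    """Compare the MD5 Zemana recorded with the file that is on disk right now.

    A mismatch means the binary Zemana saw is not the one you are about to scan
    or upload (replaced, updated, or the alert came from an injected module
    rather than the file itself), so a hash lookup would check the wrong sample.
    SHA-256 is returned for the online lookup because MD5 on its own is weak.
    """
    logged_md5 = entry.get("md5 hash", "").upper()
    actual_md5, actual_sha256 = file_hashes(path)
    return {
        "process": entry.get("process name"),
        "activity": entry.get("activity"),
        "signer_claim": entry.get("company"),  # Zemana's own claim, not an independent check
        "logged_md5": logged_md5,
        "actual_md5": actual_md5,
        "sha256": actual_sha256,
        "hash_matches_log": logged_md5 == actual_md5,
    }


def demo(content=b"constructed stand-in for explorer.exe, not the real binary\n"):
    """Run the triage against a constructed temporary file so the example runs anywhere."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(content)
        return triage(parse_zemana_log(SAMPLE_LOG), path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>16}: {value}")
```

On the affected machine you would call `triage(entry, entry["process path"])` instead of `demo()`. Treat the `(Verified)` company field as Zemana's assertion only; on Windows, an independent check of the file's Authenticode signature (for example with PowerShell's `Get-AuthenticodeSignature`) is what tells you whether the explorer.exe on disk is still Microsoft's.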
     
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    CloneRanger is right, better be safe than sorry.

    have you scanned your system with on-demand scanners?
     
  6. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    I did immediately run Malwarebytes and it turned up clean! I didn't scan with Norton.
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you can also try Hitman Pro.
    HMP scans with 5 or 6 different AV engines.
    it never hurts to have multiple 'opinions'.
     
  8. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    So I did a quick Norton scan but it didn't turn up anything. Have been running a full scan, still going. Is there anything that can strictly scan for keyloggers?
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    you could give Kaspersky TDSSKiller a try:
    -http://www.majorgeeks.com/Kaspersky_TDSSKiller_d6895.html

    the experts here @ Wilders recommend using boot CDs to scan for malware at boot time.
    i've never used those so i'll let someone else get into that topic...
     
  10. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    Norton's Full System Scan found two trojans (supposedly). They were something 5 (don't think it was MD5) that were there for 2.5 years. Their path was a Burnaware uninstall file. So I don't know! The fact that it was the first time I booted since Tuesday's updates still leads me to believe it had something to do with that. Zemana has been on that PC for about six months and I haven't missed any updates. I just boot it weekly to update the anti-malware definitions and surf 99% inside Sandboxie. Not to say stranger things have happened. I never do any commerce on it and it has never been on a public network, although once a year or so it might get used at a beach house or some other vacation rental, but I have never had any alerts then or in my children's homes.
     
  11. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    From VT: 4 VT Community user(s) with a total of 16245 reputation credit(s) say(s) this sample is goodware. 2 VT Community user(s) with a total of 2 reputation credit(s) say(s) this sample is malware.
    goodware
    Safety score: 100.0%
    Also, thank you for the concern and help!
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ ratchet

    Depends where you got Burnaware from ? If it was direct it's "probably" a FP !

    Strange why Norton was silent for 2.5 years though ? :p

    That's a relief, if it was a nasty ;)
     
  13. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,906
    Been using Norton maybe six months or so. Have never done a "full" scan with any anti-malware product. Didn't even think to do it with Malwarebytes. I suppose I shouldn't be so cavalier when it comes to security!
     
  14. Gobbler

    Gobbler Registered Member

    Joined:
    Jul 30, 2010
    Posts:
    270
    I don't think this has anything to do with malware injecting itself into Explorer or something malware related, because I had the very same type of alert a few months back from SpyShelter and it was after I had done a very fresh OS install. I feel this is a FP due to the behavioural analysis these applications employ.
     