MIKE'S Computer Support

www.mgmcc.org.uk
 
 

 Malwarebytes Scan

spitfire



Number of posts: 74
Registration date: 2008-10-14
Location: UK

PostSubject: Malwarebytes Scan   Wed Oct 29, 2008 12:18 am

Greetings All,

I've just completed my fortnightly malware scans, and ZoneAlarm Pro AntiSpyware, Avast Free & SUPERAntiSpyware all showed zero infections.
I've very recently installed Malwarebytes, and this reported the 2 items in the log below.

I know that a number of you use MWB, so have you any comments on these items?
I tried a Google for info, and there are suggestions that they may be False Positives in MWB?

As you are aware, in Microsoft Windows, registry keys are used to store configuration information: the value of a relevant key is changed every time a program is installed or when its configuration settings have been modified.
Prior to the scans, I unticked Quick Time (yet again) from msconfig as it very occasionally appears in the Notification Area, even though I don't use QT.
I haven't rebooted to make this change effective.
Do you think that this msconfig change could explain these 2 items being clocked, as they refer to msconfig? ... or is it just a coincidence?

Malwarebytes' Anti-Malware 1.30
Database version: 1333
Windows 5.1.2600 Service Pack 3

28/10/2008 22:34:39
mbam-log-2008-10-28 (22-34-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128111
Time elapsed: 42 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Although the log reports them as being deleted, they're actually in Quarantine.

Spit
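
Added example, not part of the original thread and not Malwarebytes code: a small Python parser for the log layout quoted in the post above, which extracts each detection and pairs the flagged Run-key value with the flagged file of the same base name. Pairing by name is a heuristic assumed here, since the log does not show the registry value's data.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext

# Constructed sample: detection sections copied from the log quoted in the post.
SAMPLE_LOG = r"""
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
ITEM = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_detections(log_text):
    """Return one dict per detection: section, object, detection, action."""
    items, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:  # header such as "Files Infected:"; count lines ("...: 1") do not match
            section = m.group("name")
            continue
        m = ITEM.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items


def pair_autoruns(items):
    """Heuristic (assumption): link Run values to flagged files by base name."""
    files = defaultdict(list)
    for it in items:
        if it["section"] == "Files":
            files[splitext(basename(it["object"]))[0].lower()].append(it["object"])
    pairs = []
    for it in items:
        if it["section"] == "Registry Values" and RUN_KEY.search(it["object"]):
            name = it["object"].rsplit("\\", 1)[1].lower()
            pairs.append((it["object"], files.get(name, [])))
    return pairs
```

For this log the two reported items come out as one autostart entry plus the file sharing its name, which is the unit to review together when deciding whether to restore from quarantine.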
oldfogy



Number of posts: 376
Registration date: 2008-10-14
Location: Birmingham UK

PostSubject: Re: Malwarebytes Scan   Wed Oct 29, 2008 12:52 am

Sorry Spit I can't answer your question with regards to the log file, except to say, I don't like the title of it being a "backdoor.bot"

Quote:
I unticked Quick Time (yet again) from msconfig as it very occasionally appears in the Notification Area

However, with regards to QT (Quick Time)
Likewise I don't use it, although it is installed, it installed with some other video program.

But, the best way of stopping it from appearing is to open QT, then go through its tools/properties and "de-select" the option/s for it to start automatically with windows, this works for me.

_________________
If it ain't broke.
Don't fix it.
accordion
Admin


Number of posts: 365
Registration date: 2008-10-13
Location: Near Bedford

PostSubject: Re: Malwarebytes Scan   Wed Oct 29, 2008 7:06 am

Backdoor bots include phone-home programs that come with genuine software. HP use them for updates and registration purposes, for example. QuickTime, if you have auto update selected for it, will have downloaded and updated in the background. It will count as a new installation and put itself back into the Notification Area.

QT will almost definitely include a backdoor bot to phone home for updates.

I have mine set with updates off. I control when I update QT instead.

Spit, although you say you don't use QT, there's a lot of web content that likes to use QT as the default media player. Mine is often used while I'm surfing.

_________________
I realised I was dyslexic when I went to a toga party dressed as a goat.
spitfire



Number of posts: 74
Registration date: 2008-10-14
Location: UK

PostSubject: Re: Malwarebytes Scan   Wed Oct 29, 2008 1:15 pm

Thanks Guys for your replies.

After booting up today, all seems OK with the Backdoor bot being quarantined.
I'll leave it there for a while to make sure, even though it's probably non-malicious, and just QT phoning home for updates as you suggest Dave.

Quote:
QT will almost definitely include a backdoor bot to phone home for updates.
I have mine set with updates off. I control when I update QT instead.


I've now tweaked my settings to prevent QT automatically looking for updates.
There must be other genuine programs with similar bots for phoning home, so I'm puzzled why Malwarebytes specifically clocked this one.

Cheers, Spit
oldfogy



Number of posts: 376
Registration date: 2008-10-14
Location: Birmingham UK

PostSubject: Re: Malwarebytes Scan   Wed Oct 29, 2008 1:24 pm

spitfire wrote:


There must be other genuine programs with similar bots for phoning home, so I'm puzzled why Malwarebytes specifically clocked this one.


Unfortunately different programs work in slightly different ways.

A "long time ago" I ran a scan using Norton, Ad-Aware and System Mechanic.
All three programs found a variety of spyware on my PC, but not one of the programs actually cleaned all of the spyware that each of the other programs found.

It's a funny old world.

_________________
If it ain't broke.
Don't fix it.
spitfire



Number of posts: 74
Registration date: 2008-10-14
Location: UK

PostSubject: Re: Malwarebytes Scan   Wed Oct 29, 2008 9:41 pm

This is unrelated to my original post, but those using MBAM might be interested in this thread from their forums, especially if you have the real time Pro version.

http://www.malwarebytes.org/forums/index.php?showtopic=5061

Quote:
We are re-working the Protection Module as we speak and it should be dramatically faster.
Marcin Kleczynski
Malwarebytes Lead Developer


Spit
Simon B



Number of posts: 16
Registration date: 2008-10-14

PostSubject: Re: Malwarebytes Scan   Fri Oct 31, 2008 8:45 pm

That was back in June, Spit

One would imagine it has been attended to by now