Trojaner-Board


a5cl3p1o5 05.03.2009 13:07

WARNING: False positive from Malwarebytes
 
Malwarebytes' Anti-Malware currently detects the file "wextract.exe" as Trojan.Vundo.
This is a false alarm (false positive).

Excerpt from the Malwarebytes' Anti-Malware log file:
Code:

Infizierte Dateien:
C:\WINXP\system32\wextract.exe (Trojan.Vundo) -> No action taken.

Check at http://www.virustotal.com/de:
Code:

Antivirus          Version          letzte aktualisierung          Ergebnis
a-squared        4.0.0.101        2009.03.05        -
AhnLab-V3        5.0.0.2        2009.02.27        -
AntiVir        7.9.0.100        2009.03.05        -
Authentium        5.1.0.4        2009.03.04        -
Avast        4.8.1335.0        2009.03.05        -
AVG        8.0.0.237        2009.03.05        -
BitDefender        7.2        2009.03.05        -
CAT-QuickHeal        10.00        2009.03.05        -
ClamAV        0.94.1        2009.03.05        -
Comodo        1025        2009.03.04        -
DrWeb        4.44.0.09170        2009.03.05        -
eSafe        7.0.17.0        2009.03.04        -
eTrust-Vet        31.6.6382        2009.03.05        -
F-Prot        4.4.4.56        2009.03.04        -
F-Secure        8.0.14470.0        2009.03.05        -
Fortinet        3.117.0.0        2009.03.05        -
GData        19        2009.03.05        -
Ikarus        T3.1.1.45.0        2009.03.05        -
K7AntiVirus        7.10.657        2009.03.04        -
Kaspersky        7.0.0.125        2009.03.05        -
McAfee        5543        2009.03.04        -
McAfee+Artemis        5543        2009.03.04        -
Microsoft        1.4405        2009.03.04        -
NOD32        3910        2009.03.05        -
Norman        6.00.06        None..        -
nProtect        2009.1.8.0        2009.03.05        -
Panda        10.0.0.10        2009.03.05        -
PCTools        4.4.2.0        2009.03.05        -
Rising        21.19.32.00        2009.03.05        -
SecureWeb-Gateway        6.7.6        2009.03.05        -
Sophos        4.39.0        2009.03.05        -
Sunbelt        3.2.1858.2        2009.03.05        -
Symantec        10        2009.03.05        -
TheHacker        6.3.2.7.272        2009.03.05        -
TrendMicro        8.700.0.1004        2009.03.05        -
VBA32        3.12.10.1        2009.03.05        -
ViRobot        2009.3.5.1635        2009.03.05        -
VirusBuster        4.5.11.0        2009.03.04        -
weitere Informationen
File size: 67072 bytes
MD5...: e80f82021bcc115719f594fd1d5ca878
SHA1..: d191af1a363ab7534ed78e1202dcfe1b8651fd2e
SHA256: 2fe325ef0bf2f43dc50899c49e916554fd1c86279cc7ad39efaa1a7743331f5d
SHA512: 2e5d5510db7735217f6a9b9c0f82ac9dcb21c055393d23d99b3c7ac84954cc6b
ed7ba415b67cd9348bbafa424d9ce967c2fd46a144772793c7d85fe188c7c88b
ssdeep: 1536:G5GJEhlcbW5sk1BlfLvveIbXWm+nwN6JRs5gtZNhAY8fjoegdeDXD5:8Gu9
BlfzWIbXWm+w0J+5sNhAY88tderl
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x645c
timedatestamp.....: 0x480251cd (Sun Apr 13 18:32:45 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x99c8 0x9a00 6.58 87fe10d9dbd6b4e42fc70a9a4ecaa575
.data 0xb000 0x1be4 0x400 4.25 99858e86526942a66950c7139f78a725
.rsrc 0xd000 0x63dc 0x6400 3.98 614137ed8cef986b77c54d4babbcce1f

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, lstrlenA, GetModuleFileNameA, GetSystemDirectoryA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, lstrcpyA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, FreeResource, GetProcAddress, LoadResource, SizeofResource, FindResourceA, lstrcatA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, LockResource
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )

Regards
a5cl3p1o5

Sunny 05.03.2009 13:16

Thanks @ a5cl3p1o5

harlud 05.03.2009 17:50

Also take a look here: http://www.trojaner-board.de/19005-w...erstellen.html
Regards, harlud

myrtille 05.03.2009 20:49

The false positive should be fixed.
Version 1821 should no longer detect anything. Source

Best regards, myrtille

