XonE32 Posted July 29, 2010

Hi,

I rec'd an EAM detection notice in C:\WINDOWS\MBR.exe of Backdoor.Win32.IRCNite.pl!A2 a couple of days ago. At the time EAM was requesting a restart due to updates. I restarted the system and EAM downloaded more updates at startup. I then ran a deep scan and the infection was no longer detected.

I'm asking for assistance in determining if this was a false positive or not as MBR.exe is involved. Thank you for any help in this matter.

The 1st EAM log is the initial detection of Backdoor.Win32.IRCNite.pl!A2
The 2nd EAM log is the most current with all updates.

Thanks in advance for any help
XonE32

Lynx Posted July 29, 2010

Hi XonE32,

Your previous message was removed because you posted into another user's thread. Thanks for creating the separate request as suggested.

Your 1st EAM report has outdated signatures "7/25/2010" and it is a Custom Scan.

Your second report is a Quick Scan - that one, despite having more recent signatures, will show only currently active processes. At the same time, it will not show inactive suspects, whether those are real malware (genuine detections) or False Positives. The Smart or Deep & Custom Scans may show them.

The file in question was reported as being flagged but it may be an FP ... probably you were running some Utilities on your own... GMER or others...

Therefore, irrespectively, please submit the file as described in "Submitting suspected False Positives for analysis".

All log files will be reviewed by one of the malware fighters.

My regards

XonE32 Posted July 29, 2010

Hi Lynx,

Yes I saw yer note in the other thread, my bad. Forgot the anti-malware forum is more stringent as I haven't posted here in a while. Anyway, thank you for the response.

I'm a little confused and may have a setting wrong somewhere regarding the "custom scan" issue. I have my scheduled scan to take place late at night and don't see anywhere in EAM to set it (the scheduled scan) as a "deep scan". In other words ALL of my late night scheduled scans are labeled "custom scan". Is this normal and if not can it be changed to "deep scan"?

At the time of noticing the detection I was being asked by EAM to restart (due to updates). I restarted the pc as per EAM instructions and then more updates came in at start up. After all updates were downloaded I ran a deep scan and no detection was found in MBR.exe.

I don't know what GMER is unfortunately, but I have heard of it. In any case I have submitted MBR.exe as per option #3 below. With luck this will be resolved.

3) Submitting via e-mail as an attachment - send the suspect(s) to [email protected]
- Before submitting, create a password protected archive (ZIP or RAR) containing the file(s). Please password protect the archive with word: “fp” (no quotes)
Read Archiving Files With Password Before The Submission

Thanks for your response and I look forward to hearing from EMSI re: the "custom scan" labeling for my scheduled scans and thanks in advance.

Cheers
XonE32

ShadowPuterDude Posted July 30, 2010

Your logs show no malware.