
Malwarebytes scan FP or real backdoor.bot


7 replies to this topic

#1 rotor123

rotor123

  • Moderator
  • 8,094 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:10:37 AM

Posted 04 September 2014 - 01:56 PM

Hi, Malwarebytes Premium has detected a backdoor.bot in two files. I did quarantine them, as they were nothing I needed anyway. However, I am wondering if they are a false positive, as they have been on the system for a while. The files were instsf449.exe and speedfan.exe.

No indications of a problem BTW.

 

Thank You

Roger

 


Fortune Cookie says: Fortune not Found: Abort, Retry, Ignore?

Sent from my All-In-One Desktop. Perfect for Internet, Not for heavy usage or gaming however.

How Does a computer get Infected? http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
Forum Rules,    The BC Welcome Guide

167 @ June 2015



 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:03:37 PM

Posted 04 September 2014 - 02:05 PM

Speedfan.exe is a false positive, as none of my other protection picked it up before now and the file is legit. I'm guessing it's probably a slight mistake on the heuristics detection for backdoors.

 

xXToffeeXx~ 


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 rotor123


Posted 04 September 2014 - 02:37 PM

I had a feeling, as it was on the computer for a while now. But since I have not been using it, it is a goner.

 

Thank You

Roger

 

P.S. I uninstalled the remnants too as I do not use it. I need to go through things and see if there are any other unused software that can go.


Edited by rotor123, 04 September 2014 - 02:38 PM.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:37 AM

Posted 04 September 2014 - 05:25 PM

After a security vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to detect files or traces of remnants and registry entries which had previously gone undetected (not reported) by prior scans. In some cases the file may have been on the computer for years. If the computer had previously been infected, this can even occur long after the initial infection was removed. In that same manner, it is not unusual for a detected threat to no longer be detected during subsequent scans after a database update. This can be attributed to further testing after users have submitted a sample file which is then determined to be false positive and removed from the detection list.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 rotor123


Posted 04 September 2014 - 08:05 PM

Thank You Quietman for that clear and concise answer (Explanation)

 

Best Regards

Roger




#6 quietman7


Posted 04 September 2014 - 08:20 PM

You're welcome.

#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:37 AM

Posted 04 September 2014 - 09:07 PM

The file instsf449.exe has been discovered within the following programs.

League of Legends  by Riot Games
League of Legends (LoL) is a multiplayer online battle arena video game developed and published by Riot Games for Microsoft Windows. Players are formed into 2 even teams of Champions, 3v3 or 5v5. League of Legends is a session-based game.
www.RiotGames.com

SpeedFan (remove only)  by Almico Software
SpeedFan is software that can read temperatures, voltages and fan speeds of computer components. It can change computer fan speeds depending on the temperature of various components. The program can display system variables as a chart and as an indicator in the system tray.

instsf449 is the install filename for the program SpeedFan by Almico, version 4.4.9.



#8 quietman7


Posted 05 September 2014 - 05:17 AM

The link where you got that info says...

The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file has been seen being downloaded from download.bleepingcomputer.com and multiple other hosts.





