dcjsdts asked:
ComboFix shows BITS Possible infected sites update.pdfcomplete.com
Quite simply, why does ComboFix tell me this, and why do I read on the Internet that several other folks experience the same result, but I find NOTHING on update.pdfcomplete.com? I know what PDF Complete is; we have a McAfee product installed, and I also scanned with MS System Sweeper, MBAM, and TDSSKiller, with no results. No results in Google searching on the result below. MS-ISAC SOC reported this to us (a large organization) as "Outbound Trojan Activity" and also flagged this traffic as potential Trojan Banload activity:
So, my question is, I know PDF Complete is safe and so is the update URL, but why is Multi-State Information Sharing & Analysis Center (MS-ISAC) flagging this and why is ComboFix also defining this in its log as follows:
----- BITS: Possible infected sites -----
hxxp://update.pdfcomplete.com
ASKER
I do believe this will be the Accepted solution, but can you tell me WHY qmgr0 & 1 are being detected by ComboFix and some other AV/anti-malware products? Is it a false positive, and why?
Is there a Symantec, McAfee or Kaspersky article that explains this so we can proceed without worry?
PS: I did look myself but could not find any direct correlation.
Thanks!!
ASKER CERTIFIED SOLUTION
I assume ComboFix also showed the lines below in the log? Then that would explain it.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Dow
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Dow
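As an added example (not part of the original thread or of ComboFix), here is a way to check what ComboFix is actually reporting: ComboFix lists the remote URLs of queued BITS jobs, which it reads from the queue files in the Microsoft\Network\Downloader folder, and any job that is not from Windows Update gets printed under "Possible infected sites". The script below enumerates the live BITS queue for all users with the BitsTransfer module and flags every remote host that is not on an allow-list you maintain; the allow-list and the host name in it are assumptions for illustration. It assumes an elevated prompt (required for -AllUsers) and the BitsTransfer module, which ships with Windows 7 / Server 2008 R2 and later; on older systems the same data is available from `bitsadmin /list /allusers /verbose`.

```powershell
# Added example, not from the page: list BITS jobs for all users and flag
# remote hosts that are not on a reviewer-maintained allow-list.
# Assumptions: elevated prompt, BitsTransfer module available.
Import-Module BitsTransfer

# Hypothetical allow-list: hosts already verified as legitimate updaters.
$allowedHosts = @('update.pdfcomplete.com')

function Get-BitsRemoteHosts {
    param([string[]]$AllowedHosts)
    $findings = @()
    # -AllUsers returns jobs owned by every account, including SYSTEM jobs
    foreach ($job in Get-BitsTransfer -AllUsers) {
        foreach ($file in $job.FileList) {
            $uri = [System.Uri]$file.RemoteName
            # New-Object keeps this usable on PowerShell 2.0 ([PSCustomObject] needs 3.0)
            $findings += New-Object PSObject -Property @{
                JobName   = $job.DisplayName
                Owner     = $job.OwnerAccount
                State     = $job.JobState
                RemoteUrl = $file.RemoteName
                LocalFile = $file.LocalName
                Allowed   = ($AllowedHosts -contains $uri.Host.ToLower())
            }
        }
    }
    return $findings
}

$results = Get-BitsRemoteHosts -AllowedHosts $allowedHosts
$results | Format-Table JobName, Owner, State, RemoteUrl, LocalFile, Allowed -AutoSize

# Anything not on the allow-list deserves a look at the owner account and the
# local destination path before deciding whether the ComboFix line is benign.
$results | Where-Object { -not $_.Allowed } | ForEach-Object {
    Write-Warning ("BITS job '{0}' owned by {1} downloads {2} to {3}" -f `
        $_.JobName, $_.Owner, $_.RemoteUrl, $_.LocalFile)
}
```

For the case in this thread, a job owned by the PDF Complete updater's service account, pulling from update.pdfcomplete.com into the product's own program folder, is the expected benign result; a job owned by an ordinary user account that writes an executable into a temp or profile folder from an unknown host is the pattern that makes scanners treat BITS URLs as suspicious in the first place.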