Topic: What is mppt97:shellcode-O and why do I keep detecting it?

Offline Gravital

  • Newbie
  • *
  • Posts: 7
What is mppt97:shellcode-O and why do I keep detecting it?
« on: September 12, 2019, 06:43:37 PM »
I have recently found out that my Avast keeps detecting something called mppt97:shellcode-O within my Windows Defender files (I never use Windows Defender). Looking this up online, I have only found a little vague information about it. The problem I am currently facing, however, is that whatever this is, it keeps being detected by my Avast antivirus with each scan, and I ended up getting 3 of the same mppt97:shellcode-O in my virus chest. I use both AVAST and MALWAREBYTES (with MBAR to detect rootkits as well). I always scan in hardened mode and at the highest sensitivity, so I am not sure if this is a false positive or just a very “resilient” virus. I do not know much about viruses in general, so can someone on here please explain for me?

https://imgur.com/a/J2ukkVt
« Last Edit: September 12, 2019, 06:52:35 PM by Gravital »

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36302
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #1 on: September 12, 2019, 07:41:50 PM »
Quote
(I never use windows defender).
Is it also disabled ? .... should happen automatically when avast is installed


Try Disk cleanup and reboot   https://support.microsoft.com/en-us/help/4026616/windows-10-disk-cleanup

Any change?


“Ah beer. The cause of and the solution to all of life’s problems.”

"Operator! Give me the number for 911!"

Offline Gravital

  • Newbie
  • *
  • Posts: 7
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #2 on: September 12, 2019, 08:40:47 PM »
I am currently doing a boot scan at the moment, but Windows Defender should be disabled. I will try the disk cleanup after the boot scan and come back with results.

Offline Gravital

  • Newbie
  • *
  • Posts: 7
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #3 on: September 13, 2019, 12:17:12 AM »
OK, I sent the infected file to VirusTotal and here are the results

https://imgur.com/a/SoETmtP

Apparently it was a Trojan so what I did was I deleted the file and emptied my recycle bin. Would that get rid of it or would it just jump to another file?

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36302
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #4 on: September 13, 2019, 01:08:31 AM »
Why do it so complicated? 

Take picture of computer screen with phone (have you never heard of print screen or snip tool?) then upload picture to imgur, and then post link to picture at imgur ..... when you can just copy paste the scan link from VirusTotal ???

Also all the additional file info that can be very useful to find out if it is a false positive or not, is not visible to us .... it is if you post VT scan link


« Last Edit: September 13, 2019, 01:11:42 AM by Pondus »

Offline Gravital

  • Newbie
  • *
  • Posts: 7
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #5 on: September 13, 2019, 02:07:13 AM »
Oh, my bad. I’m brand new to the forums. Here you go: https://www.virustotal.com/gui/file/664eef64c3315618996c14c138899806bbcf4abd0e239c26176bca5f303b6fdc/detection

Also deleting the file manually doesn’t do anything. It just comes back whenever I turn the computer on again, still detecting the shellcode/Trojan as if it was never scanned in the first place.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2704
  • Volunteer
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #6 on: September 13, 2019, 02:11:24 AM »
*Volunteer*.
Tier I SOC Analyst; Threat Hunter; Digital Forensics (no cert); HTB Competitor; Pentester (no cert).

4th Year BCS Student @ The University of New Brunswick.

Offline Gravital

  • Newbie
  • *
  • Posts: 7
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #7 on: September 13, 2019, 02:17:03 AM »
Malwarebytes did not detect the shellcode/Trojan in the file when I scanned it. Avast did however

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 36302
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #8 on: September 13, 2019, 07:47:20 AM »
Quote
Malwarebytes did not detect the shellcode/Trojan in the file when I scanned it. Avast did however
Where are the logs? Did you read instructions?


« Last Edit: September 13, 2019, 07:49:17 AM by Pondus »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2704
  • Volunteer
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #9 on: September 13, 2019, 04:18:11 PM »
Quote
Malwarebytes did not detect the shellcode/Trojan in the file when I scanned it. Avast did however
Where are the logs? Did you read instructions?

The important ones are the FRST logs (FRST.txt and Addition.txt). Please attach those. If FRST failed to run, please inform us.

Offline Gravital

  • Newbie
  • *
  • Posts: 7
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #10 on: September 13, 2019, 07:59:22 PM »
Oh, that's what you meant. OK, here they are. Do you also need me to post the "infected" file on here too for you to look at as well?
« Last Edit: September 13, 2019, 11:14:44 PM by Gravital »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2704
  • Volunteer
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #11 on: September 13, 2019, 11:32:45 PM »
Quote
Oh, that's what you meant. OK, here they are. Do you also need me to post the "infected" file on here too for you to look at as well?

Sorry, I should've been more specific. Generally, when someone is pointed to that thread, they follow all the instructions. I'll reword it for the future. As for the *.bin file that Avast! doesn't like, no, it'll mostly be Binary. Just about the only useful thing we could do with it is scan it on VirusTotal, which can be done using FRST automatically. I'll inform Sass Drake.
« Last Edit: September 14, 2019, 07:35:08 PM by Michael (alan1998) »

Offline Gravital

  • Newbie
  • *
  • Posts: 7
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #12 on: September 14, 2019, 04:54:43 AM »
I am not sure what Curl is either, nor do I remember downloading it. I don’t know anything about coding or whatnot since I only use my computer to play games and draw artwork. An employee at a computer store I went to might have put it in or something when he was fixing my computer several months ago.
« Last Edit: September 14, 2019, 04:59:13 AM by Gravital »

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2704
  • Volunteer
Re: What is mppt97:shellcode-O and why do I keep detecting it?
« Reply #13 on: September 14, 2019, 05:26:32 AM »
Edit: Apparently Windows now ships with Curl installed. I had no idea.
« Last Edit: September 14, 2019, 07:34:46 PM by Michael (alan1998) »