Possible Unwanted file

  • Thread starter Thread starter slippip
  • Start date Start date
S

slippip

Guest
Heyo,

Norton just detected a .bin file in C:\Users\USER\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs

It's apparently some sort of Trojan but norton has also detected some legit files as trojans before so I thought I'd ask

The file's called "6K6AY.bin" and it reads:

1,"fusion","GAC",0

1,"WinRT","NotApp",1

3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\e9647e8e96a98be0146911f80f7a4c22\System.ni.dll",0

3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\db603a2e9ab998a6438a67e8a724b8cc\System.Core.ni.dll",0

3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\50ef1eb519dd3da153c6ae58046976a3\WindowsBase.ni.dll",0

3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\aff232e97272bfa50bc9b5e1fcb8f886\PresentationCore.ni.dll",0

3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\dc4b28634c014ded738d6aafe3977116\PresentationFramework.ni.dll",0

3,"System.Xaml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d2edeab3587abbc9d004bc2b0c3a2469\System.Xaml.ni.dll",0

3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\da2eacab90abbd0860a5a24be0d9e6fd\System.Configuration.ni.dll",0

3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3243351efe0e533ae9c58eadeae6cff6\System.Xml.ni.dll",0

3,"PresentationFramework.Aero2, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\39242b5e4bee788c813c0fcc4eb9bdc5\PresentationFramework.Aero2.ni.dll",0

3,"UIAutomationTypes, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ea214246f6e09d22e330b0a400dc2ebe\UIAutomationTypes.ni.dll",0

3,"UIAutomationProvider, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\5edef65d8f8001965ecaf6669ce2e054\UIAutomationProvider.ni.dll",0

3,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\4fd3e0b64942e3760f92bd03adbe12cd\System.Security.ni.dll",0

3,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\478c2c26af5d224be0eaec9cf36ed774\System.Numerics.ni.dll",0

3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\139d8c0ea3b34f97adad16f79be0073a\System.Runtime.Serialization.ni.dll",0

3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\5f45a81fae50e6d31760fd224a2fa5d9\System.Data.ni.dll",0

3,"System.IO.Compression, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8#\57229d2fb52875df7a6582212caf6845\System.IO.Compression.ni.dll",0

3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\9823bb91a009dad604dc3a3291c12edb\System.Management.ni.dll",0

2,"PresentationFramework-SystemCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0

2,"PresentationFramework-SystemXml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0

2,"PresentationFramework-SystemData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0

3,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\7a9c93b8034c214b4cadf1854afb3b44\System.Deployment.ni.dll",0






If anyone knows if this is an actual trojan or not would be of great help. Thanks.

More...
 
Back
Top