-
Posts
14 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Everest
-
-
How can I update the definition without launching the application ?
is there an updater.exe that I can run to search for updates ?
-
why can't I edit my last post
your software or website should have a function to upload suspicious files to analysis,
like Avira: http://analysis.avira.com/samples/index.php
is there anywhere I can upload these files for you ?
and how do I save/upload a registry entry ??
-
Hi,
Why do you think they are false positives?
because my system is clean, I used Avira Antivir Personal, spyware doctor and Windows Defender. they didn't find anything.
also your software is known of false positive and I don't want to delete files is windows directory or registry.
please examine these carefully to determine false positive, or should I delete them.
please take this seriously because I don't want to corrupt my system after deleting a necessary Windows file or registry.
thanks for the response.
-
Malwarebytes' Anti-Malware 1.40
Database version: 2675
Windows 6.0.6002 Service Pack 2
8/22/2009 9:38:47 AM
mbam-log-2009-08-22 (09-38-34).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 204421
Time elapsed: 45 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2284810d-15b5-41a2-9393-fb06709d6712} (Trojan.FakeAlert) -> No action taken. [4054423730922326212626686620141921701914216919231425256719141917242125251920686
8672694]
HKEY_CLASSES_ROOT\Typelib\{69499ca3-24e2-4d26-88b2-20748823ccb9} (Trojan.FakeAlert) -> No action taken. [4054423730922326212626686620141921701914216919231425256719141917242125251920686
8672694]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a51d8fa4-c859-473d-9e18-fa0c59d16fa3} (Trojan.FakeAlert) -> No action taken. [4054423730926622186925716621146825222614212420691426701825147166176822266918237
1662094]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a51d8fa4-c859-473d-9e18-fa0c59d16fa3} (Trojan.FakeAlert) -> No action taken. [4054423730926622186925716621146825222614212420691426701825147166176822266918237
1662094]
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\SecurePCCleaner (Rogue.PCCleaner) -> No action taken. [37425130362761498380728366783766856661527068868370493636777066797083]
Files Infected:
C:\Windows\oflink.ini (Trojan.FakeAlert) -> No action taken. [385753513430362761567479698088846180717774797615747974]
C:\Windows\OFLink.js (Trojan.FakeAlert) -> No action taken. [3857535134303627615674796980888461483945747976157584]
-
I get several false positives when performing a Full scan, please confirm these false positives.
Log attached.
-
MBAM does not detect the file anymore !!!
maby detection was removed with the update !!
the file is still in C:/windows/system32 ..
detection for the file was removed and MBAM no longer detect the file !!
should I delete it manually ?
if so, make shore to add it back to the detection file.
what does MD5 mean anyway?
thanx,
-
Do you know what is this exactly?
-
Uploaded the file Winhost.exe in zip format: http://www.malwarebytes.org/forums/index.php?showtopic=12683
good luck B)
-
I've found this after quick scan, sent it to VirusTotal and the result is Clean!
http://www.virustotal.com/analisis/b70f009...2014e4285601160
False Positive? B)
-
what filter ?
installed where ?
so ..
I don't get it.. Is the file infected?
I will update and restore the file and scan again ..
thanx
-
This link?
http://www.virustotal.com/analisis/447c1bb...643f99b8d9205ca
this is the page that shows results for Winhost.exe
Looks fine (except for one engine that flagged it)
-
Is this file part of my OS?
is it infected?
can I clean the file without deleting it?
it's probably False positive because me Avira Antivir say it's clean..
any help is welcomed ... thank you
P.S. I did run dev mod as suggested and attached the Log .. hope you can help me with that B)
Update without launching application.
in Malwarebytes for Windows Support Forum
Posted
how can I edit my original post ?
you might ask why I want to update without launching mbam, it's because I use it to scan individual downloaded files, so atm I launch mbam, update, exit application then scan files using context menu.
it will be much easier to update the signature using Updater.exe or any other method.
anyone ?