gchamby

Thanks for the reply. Regrettably this was a remote system and so I can't do a developer scan. I guess I just assumed there would be more to the heuristic than "this executable shouldn't be here". Perhaps flagging as a warning or "suspicious" without the Trojan designation? Thanks for clarifying.

Greetings all. I ran into an issue yesterday in which a 3rd party monitoring service reported a possible keylogger on a user's system. MS Forefront found nothing. We also scanned today with MBAM and the current database which reported the above (Trojan.agent.gen) on an executable file in users\..\appdata\roaming. The file name was odd so I did some checking and this particular file - System-Utilities_Application_M99N8_WN_2.2_A00.EXE - is a Dell system utility. I then downloaded this same file directly from the Dell web site and scanned it with MBAM in the downloads folder. Nothing detected. I then manually copied it to my local ..\appdata\roaming directory and rescanned it and it reported it as the Trojan.Agent.Gen. I'm confused - surely MBAM doesn't flag executables as Trojans merely because of the directory they are in? Please advise. Thanks.