JonasOSDever

Members
  • Posts

    5
Everything posted by JonasOSDever

  1. Sorry, forgot what I wrote. I didn't get only staff should post here >.<
  2. Hi, I am not sure, but I think this is not a false positive. The hosts file in Windows is located in the directory C:\Windows\system32\drivers\etc. As the real hosts file is widely known it is a quite good name to stealth something malicious, I guess. I do not know if the file was located somewhere else in the older Windows versions, but I have not seen it somewhere else yet. You might try to open the file with notepad or something (or better: move it to quarantine and open it there). The real hosts file is only a text file which should give you something readable. I hope this helps.
  3. It did not allow me to upload cabs, so I zipped it again. There you go: e10ccfe7dc7b8820c41c82442baf06a5.zip
  4. Hello to all, I think I have found a false positive in the Windows Driver Kit 8.1. I used the official downloader to get the files for the offline installation. Anyway, yesterday I started a full scan of the system. It took only about 10 minutes for Malwarebytes to find two infections. However, I am sure an official Microsoft installer will not download a Trojan.Dropper. The following files were reported as Trojan.Droppers:

     C:\Downloads\Windows Kits\8.1\WDK\Installers\e10ccfe7dc7b8820c41c82442baf06a5.cab
     C:\Downloads\Windows Kits\8.1\WDK\Installers\f9976a73f62f4a8e2a372960dbcbd52b.cab
     C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\f9976a73f62f4a8e2a372960dbcbd52b.cab
     C:\ProgramData\Package Cache\{D35D0DC1-AEED-BE3C-C187-F2C42582EE49}v8.100.25984\Installers\e10ccfe7dc7b8820c41c82442baf06a5.cab
     C:\ProgramData\Package Cache\{D35D0DC1-AEED-BE3C-C187-F2C42582EE49}v8.100.25984\Installers\f9976a73f62f4a8e2a372960dbcbd52b.cab

     As the others look like duplicates, I checked the first two with an online scanner: only Malwarebytes detected them as a virus. They were downloaded by a Microsoft tool as well, so I am quite sure it is a false positive. If you need the files to analyze them, they can be downloaded with the official installer of the Windows Driver Kit 8.1, but I can also attach them, if you want.

     Thanks in advance

     Jonas

     P.S.: Sorry for my poor English