thebigeast

Everything posted by thebigeast

  1. I had the same thing happen to me today - first time it has ever happened. I guess due to MBAM's new policy to go after PUP programs - which I had not heard of before and when I saw it, did not realize that was what the alert referred to - I thought there might be an infection. Scans completed with other programs confirmed there was not. MBAM listed this DVD which you can install to your computer as a PUP: http://www.ntis.gov/products/irsdvd.aspx It is the 2012 IRS DVD that tax professionals use in their practices. Here's the log entry:

     Registry Keys Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2012 IRS Tax Products DVD Final Release (PUP.Optional.Surf) -> No action taken. [7e23acd8bfade353bbb375d617ea6d93]

     MBAM may want to remove this program from their list. In addition, I'd recommend that MBAM explain a bit more on their results page, what a PUP refers to. Cheers and thanks for making a great program!
  2. Everything is aok now. Thanks for acting on this so promptly - I appreciate it!
  3. I updated Mbam to 4010 and the problem remains:

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Database version: 4010
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     4/19/2010 11:08:07 PM
     mbam-log-2010-04-19 (23-08-07).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 267244
     Time elapsed: 53 minute(s), 25 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Program Files\Stellarium\stellarium.exe (Trojan.Agent) -> No action taken. [8E47C0B6CD76D382D2FDBD0E761828C9]
     C:\Program Files\FreeMind\Freemind.exe (Trojan.Agent) -> No action taken. [8E47C0B6CD76D382D2FDBD0E761828C9]

     Thanks.
  4. For future reference, is there a way to edit posts? I did not mean to write "is these false positives" Also, are you thinking of adding a feature to report false positives directly from the program itself? That would be convenient. Thanks!
  5. I have used Stellarium and Freemind for quite some time on my computer and these are both legitimate programs. This is the first time they have ever shown up as infected on any antispyware program. I assume they are false positives. Below is the log:

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Database version: 4009
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     4/19/2010 8:55:43 PM
     mbam-log-2010-04-19 (20-55-43).txt
     Scan type: Full scan (C:\|)
     Objects scanned: 266893
     Time elapsed: 54 minute(s), 7 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\Program Files\Stellarium\stellarium.exe (Trojan.Agent) -> No action taken. [8E47C0B6CD76D382D2FDBD0E761828C9]
     C:\Program Files\FreeMind\Freemind.exe (Trojan.Agent) -> No action taken. [8E47C0B6CD76D382D2FDBD0E761828C9]

     I zipped the 2 files. This is the first time I have zipped something in quite a long time. Please let me know if I did it correctly. Please let me know is these false positives. Thanks!

     Freemind_false_positive.zip
     Stellarium_false_positive.zip
  6. Yesterday, I ran MBAM and it found 3 instances of Rogue.Installer related to an app called Virtual Moon (a nice program for moon watchers). 2 were in restore points. I allowed MBAM to quarantine them. However, I thought they might have been false positives so I restored them from quarantine and ran another MBAM today with the latest definitions. The scan came back clean. I assume that the update took care of the false positives. Is there any reason to submit the false positive report?
  7. By the way Bruce, did you want me to zip the actual install.exe file or just the developers log?
  8. Hi Bruce, Doing a search for C:\install.exe, I found that the file is Microsoft
  9. Thanks for the comments Bruce. I restored the FP items and have attached the log. mbam_log_2009_09_02__22_19_51_.txt
  10. Hi Bruce, What is meant by storing executables in root? Will any exe file stored in root show as an FP? How would I know if something is a FP vs. an infection? Why did the file in this case go to root instead of a more normal location (not sure how a "normal" location would be defined). As I mentioned, I found multiple examples of install.exe on my system and I'm not sure which one to move or where to move it to in my system. Should I restore the FP from quarantine and then rerun my scan and finally choose ignore? I'd rather not ignore such things if I do not know if it is a FP and/or it could simply be moved to another location. I'm not sure what this FP refers to in this instance (which program it is a part of). Thanks!
  11. Hi TeMerc, Thanks for the reply. Actually, I am up to date - I had posted another message a few posts down about a current false positive I received. The question in this post is about an infection I had back on 07/21 - I simply posted the log saved in MBAM from that date. I was wondering what to do about it. Should I restore the items from quarantine and rerun the scan? How do I find out exactly where the items are in my system? I searched for install.exe and found 29 instances. Do you think this was a false positive or an infection? Thanks!
  12. I ran a scan back on 07/21 and the following log was saved:

      Malwarebytes' Anti-Malware 1.39
      Database version: 2468
      Windows 5.1.2600 Service Pack 3
      7/21/2009 2:31:46 AM
      mbam-log-2009-07-21 (02-31-46).txt
      Scan type: Full Scan (C:\|)
      Objects scanned: 237471
      Time elapsed: 37 minute(s), 9 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

      I did not know about the developer's log at that time and do not remember what I may have done that day. The previous day I had installed some Astronomy software from Carina software. I suppose I could restore the 2 items from quarantine and rerun the scan. Thanks in advance for any suggestions.
  13. As per the request from the main forum - attached is my developer's log. As an aside, I ran scans using Spybot, Ad-Aware, Superantispyware and the paid version of ESET Nod32 AV - all were clean. Thanks for the help! mbam_log_2009_09_01__02_21_28_.txt
  14. I received the following log info. after running MBAM today:

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\infrarecorder (Trojan.BHO) -> No action taken.
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      C:\Program Files\filehippo.com\Uninstall.exe (Trojan.BHO) -> No action taken.
      C:\Program Files\InfraRecorder\Uninstall.exe (Trojan.BHO) -> No action taken.
      C:\System Volume Information\_restore{0ACD1FCD-6804-40AD-AB50-CBEE75A4901E}\RP128\A0015892.exe (Trojan.BHO) -> No action taken.

      I'm surprised to find trojan.BHO in the filehippo and infrarecorder uninstall.exe files. I've had both installed on my computer for some time and have never had any problems. Could these be false positives? I could restore them if they are. Any help and comments are appreciated. Thanks!