RRamdeo

Members
  • Posts: 13

Reputation: 0 Neutral
  1. Hello, Thanks for the kind words and I thank both of you for all of the help again. Thanks again. I wish all of you all the best. Have a great day.
  2. Hello, So after updating and rescanning, nothing came up. I scanned the file individually and also nothing came up. So I am assuming the file was a false positive after all. If that is the case, thank you for all of the help. If there is anything else I need to do please let me know. I didn't attach any scan logs since nothing was detected. Thank you again for all of the help.
  3. Hello, Thank you both for the replies. To the first question, yes, this is an HP computer. And to the second inquiry, I will now update and scan. After that, I will post the log when it is ready. Thank you for all of the help.
  4. Hello, Thanks again for the reply. I'm not sure I completely get the duck and goose thing, but I think I get the overall idea. So, when I scanned again after restoring the file from quarantine, the scan picked it up again. I attached the Detection log file. So, is this just a false positive that I should just leave in quarantine, or is there anything else that I should do before classifying it as a false positive? Any further advice is appreciated. Thanks for all of the help. It's greatly appreciated. Malwarebytes Detection Log for RRamdeo Sept 23, 2023.txt
  5. Hello, Thank you for the response. It's comforting to see that nothing flagged the file as malicious. I will restore the file and rescan now and update on the results. Any idea on why it would be flagged as positive though? And, moving forward, should I not do custom scans and just stick with the regular threat scan unless something is flagged as positive? Thanks again for all the help.
  6. Hello, Thank you for the reply. I attached the Detection log to this post. I also ended up putting the infected file into quarantine to generate the log. After doing so, I rescanned and everything came up clean. But any advice on how to proceed to see if this is a serious infection would be much appreciated. Thank you for your time. Have a great day. Malwarebytes Detection Log for RRamdeo.txt
  7. Hello, Last month I posted a thread concerning a malware detection that ended up being classified as a false positive. Name: "Malware.AI.2996531189" from file "C:\SWSETUP\DRV\NETWORK\RALINK\RALINKBT\9.2.10.4\SRC\X86\BLUESO~1. CAB". That infected file was created on and last modified on 7/30/2012. As mentioned in the linked previous topic, this computer is over a decade old and is mostly used for some slight tasks like printing and editing Word files. The computer wasn't used since the last "infection" so I'm assuming this is another false positive, but I thought I would post here again for any feedback. The file in question has not been quarantined yet since after checking it, I think it deals with the Wi-Fi Bluetooth component of the computer. I will quarantine it if told to do so. Also, I'm just wondering if this computer being over a decade old could be triggering these false positives, if this is indeed another one, and if I would be better off replacing the computer and removing it. In any case, thank you in advance for any help. Have A Great Day.
  8. Hello, Thank you to the both of you for your responses and thank you to everyone for all of your help. You all made this process very manageable and easy to deal with. With that said, I do not have any more questions and will just say thank you again. Thanks Again Have A Great Day and I Wish All of You All the Best
  9. Hello, Thank you for the response. I've run the kprm tool and have attached the resulting log file to this post. I just have a few more questions about this overall process. First, is there any reason to have the "scan for rootkit" option enabled on custom scans or should I just leave it blank for future scans? Also, I was going to upload the "infected" file to VirusTotal, but I couldn't locate the file. It wasn't in the Malwarebytes TMP folder nor could I find it when I used the Windows search bar. Any ideas on why that is? In any case, thank you and everyone else for all of the responses and for all of the help. It really made this process very straightforward and easy. Thanks Again. Have A Great Day. kprm-20230822115721.txt
  10. I just wanted to add that the above warning message was brought up by Microsoft Windows SmartScreen. Okay, thanks again.
  11. Hello, Thank you to the both of you for your responses and help; it is greatly appreciated. I downloaded the kprm tool executable. When I tried to run it on my computer it gives me the message "Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk." Is it okay to run the app? Sorry for a question that might be overly cautious, but after this virus scare I just wanted to be extra careful. Thanks again for everything.
  12. Hello, Thank you for quick responses to my questions. I believe I have done everything you have asked for. The Malwarebytes Support Tool report and the results for the Kaspersky Virus Removal Tool are enclosed. The scan with the removal tool came up with no detections. Thank you for any future guidance and thank you for all of your help thus far. Have a great day. mbst-grab-results.zip report_2023.08.21_13.12.07.klr.txt
  13. Hello, Thank you in advance for any help. Results of a Malwarebytes custom scan including rootkits Name: Virus.Sality Type: Malware Object Type: File Location: C/PROGRAMDATA/MALWAREBYTES/MBAMSERVICE/TMP/HPISCNAPP.EXE-K.MBAM Action: Delete on Reboot (Reading through this site, I know I'm supposed to upload logs and other files, but I took the PC that is 'infected' off the network to be safe. Also, the above has happened with three separate scans.) Monthly, I scan my family's Windows 10 computer with Windows Defender and the free edition of Malwarebytes. I usually run a Defender quick and full scan and a default Malwarebytes scan. This month, the Windows Defender full scan found 7 PUAs which were all files and container files of old CCleaner executables. Some of these were up to 10 years old. I cleaned all of those files out, rescanned and everything came up clean. These "positives" from Windows Defender made me scan the computer with a Malwarebytes custom scan including rootkits. This scan came up with Virus.Sality as mentioned above. Malwarebytes quarantined and deleted the file on reboot. However, whenever I performed a Malwarebytes custom scan including rootkits, this file keeps coming up in the same place. Nothing else is detected even after 12 hours of scanning. When I scan with Malwarebytes and do not include for rootkits this file never comes up. This virus also never comes up with a Windows Defender quick or full scan. I read through this forum afterwards and read that the scan for rootkit option is defaulted to off for various reasons. So, I was just wondering, is this a genuine Virus.Sality infection or is it a false positive due to enabling rootkits to be scanned? Also, the virus is usually found during the "scanning file system" portion of the scan and not the "scanning for rootkits" portion of the scan. The computer shows no signs of a virus infection such as slowdowns, weird downloads, etc.
The one "weird" thing is in the folder where the virus is supposedly located, in the TMP folder for Malwarebytes, there are several zip files with long names of random letters and numbers. I'm not sure if that is normal or not, even though they all have "Date Modified" times that correspond to when I scanned with Malwarebytes. In any case, thank you for reading. Any help, advice or information would be appreciated. Thanks again, and have a great day.