
ggctuk

  1. Today I bring you this false positive: tomb4.exe, modified by the Tomb Raider Engine Patcher. http://www.megaupload.com/?d=QALD2C9N There are variations on the exact executable, dependent on the settings in the patcher. I think the original site best explains it: http://trep.trlevel.de/en/index.html

     Log file:

     Malwarebytes' Anti-Malware 1.51.0.1200
     www.malwarebytes.org

     Database version: 6863

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 9.0.8112.16421

     15/06/2011 22:07:04
     mbam-log-2011-06-15 (22-07-01).txt

     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 402380
     Time elapsed: 3 hour(s), 3 minute(s), 21 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 4

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     d:\base tomb4 exe set\tomb4.exe (Trojan.FakeAlert) -> No action taken.
     d:\program files\core design\tomb raider unfinished business revised\tomb4.exe (Trojan.FakeAlert) -> No action taken.
     d:\program files\core design\tomb raider - return of lara croft\tomb4.exe (Trojan.FakeAlert) -> No action taken.
     d:\program files\core design\tomb raider remnants\tomb4.exe (Trojan.FakeAlert) -> No action taken.
  2. Further to this topic, I am providing the stdrt.exe files and folders. Here is the report:

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6640

     Windows 6.0.6002 Service Pack 2
     Internet Explorer 9.0.8112.16421

     27/05/2011 19:07:40
     mbam-log-2011-05-27 (19-07-28).txt

     Scan type: Quick scan
     Objects scanned: 176564
     Time elapsed: 15 minute(s), 0 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 11

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\Windows\Temp\mrtC486.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [1cd448d12cd4a15ff0251dfb8c7419e7]
     c:\Windows\Temp\mrtC5AE.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [c32d0e0b01ff51afe92ce236748cdf21]
     c:\Windows\Temp\mrtC763.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [0ae6dd3ccc3489771afbf325da268779]
     c:\Windows\Temp\mrtC966.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [d61a78a142bec33dfb1a49cf0df3c43c]
     c:\Windows\Temp\mrtCAFB.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [16dad346ea16e917fc190a0e28d84ab6]
     c:\Windows\Temp\mrtCBD6.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [727ece4b48b87f8141d424f4a15f7888]
     c:\Windows\Temp\mrtD43F.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [628e0d0c04fc827ec64f9286709013ed]
     c:\Windows\Temp\mrtD883.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [a54bfa1f32ce956b6fa655c3ec1423dd]
     c:\Windows\Temp\mrtD9AB.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [4aa61801a957d12f9283b36501ff718f]
     c:\Windows\Temp\mrtDCF5.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [6f81150437c97987b164f91fe7198878]
     c:\Windows\Temp\mrtE30D.tmp\stdrt.exe (Trojan.FakeMS) -> No action taken. [b33d180116eaef1129ec66b2ba46eb15]

     Stdrt_exe_files.rar
  3. @Firefox - I run MalwareBytes alongside McAfee, yes. I use it if I suspect there is something that McAfee can't pick up. I'll locate it and send it. @ThexDarksider - I had downloaded the demo of 9.1, from the site. I scanned the installation executable and found nothing. Somebody sent me a code for it, (which they assured me they had paid for but never used, having instead decided to use Cubase, although that's neither here nor there) but I didn't directly patch the executable. The point is, from what I read of the infection of stdrt.exe, it also installs registry entries and regw2.exe, which has not happened on my system, and indeed, when I searched, it is apparently a program that is created when FL Studio is on your system.
  4. I have been using Malwarebytes ever since McAfee failed to detect the MS Antivirus infection several months back. Now, here is my first real problem. I scanned my computer recently, and Malwarebytes picked up an 'infection' called stdrt.exe. It runs whenever I start up (although it usually crashes anyway due to my firewall settings). It cannot be removed because it respawns again. I did a little research on stdrt.exe. The first thing I noticed is that descriptions of the infection of a virus version of stdrt.exe do not match up to what it does on my machine - most of the registry entries have not changed or been created, nor has regw2.exe (a program that is supposed to create and start the stdrt.exe program upon startup before terminating itself). stdrt.exe does not play music in the background like some places claim, and it does not interfere with my memory, so I did a little bit more digging, and it seems it is legitimately created when you install Fruity Loops Studio (FL Studio 9). I don't know if the stdrt.exe that FL Studio creates harms my computer in any way (it hasn't so far), so could this be a case of a false positive?