mountaintree16 Posted December 12, 2011 ID:504152 Share Posted December 12, 2011 Hi,I did a quick scan just now and Malwarebytes found fsquirt.exe in System32 as a Trojan Dropper. I think that this is a false positive. Also it has been a file on the computer since 2004. It was found before the heuristics part of the scan. Here is my log and a copy of the file attached.Also just now the PM module has come up with fsquirt.exe as a threat as I am locating the file to attach to this post... I decided to minimize it and the computer froze for a bit. Probably not a good idea to minimized the PM I ended up using TaskManger to end the open Mbam windows so that my machine would unfreeze. It came up again when I went to send it to a zip folder and for now I chose "Ignore".This is the first time that I have ever seen the PM module come up to me on my machine and it was not SpyCar . Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8357Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870212/12/2011 1:30:59 PMmbam-log-2011-12-12 (13-30-55).txtScan type: Quick scanObjects scanned: 184142Time elapsed: 9 minute(s), 37 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\WINDOWS\system32\fsquirt.exe (Trojan.Dropper.BCM) -> No action taken. [a0051a061ce4ba4607625b8dc73904fc]Thank you Link to post Share on other sites More sharing options...
sUBs Posted December 12, 2011 ID:504154 Share Posted December 12, 2011 Thank you for reporting this. It shall be fixed in the next update. Link to post Share on other sites More sharing options...
mountaintree16 Posted December 12, 2011 Author ID:504160 Share Posted December 12, 2011 You're welcome!That was super fast! Thank you for letting me know! Link to post Share on other sites More sharing options...
nicola Posted December 12, 2011 ID:504171 Share Posted December 12, 2011 Hi allI have the same problem, check to virustotal and is cleanMalwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgVersione database: 8357Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870212/12/2011 16.38.50mbam-log-2011-12-12 (16-38-50).txtTipo di scansione: Scansione completa (C:\|)Elementi esaminati: 214905Tempo impiegato: 22 minuti, 43 secondiProcessi infetti in memoria: 0Moduli di memoria infetti: 0Chiavi di registro infette: 0Valori di registro infetti: 0Voci infette nei dati di registro: 0Cartelle infette: 0File infetti: 1Processi infetti in memoria:(Non sono stati rilevati elementi nocivi)Moduli di memoria infetti:(Non sono stati rilevati elementi nocivi)Chiavi di registro infette:(Non sono stati rilevati elementi nocivi)Valori di registro infetti:(Non sono stati rilevati elementi nocivi)Voci infette nei dati di registro:(Non sono stati rilevati elementi nocivi)Cartelle infette:(Non sono stati rilevati elementi nocivi)File infetti:c:\WINDOWS\system32\fsquirt.exe (Trojan.Dropper.BCM) -> Quarantined and deleted successfully.I restore the file, is Blotooth elements Link to post Share on other sites More sharing options...
ianc150 Posted December 13, 2011 ID:504709 Share Posted December 13, 2011 Same here. Today, your program quarantined 3 files, squirt.exe in 3 different windows locations. The file was identified as a Trojan.dropper.The computer required a restart.Please advise whether I should restore these files?Or do nothing?Many thanksIan Link to post Share on other sites More sharing options...
exile360 Posted December 13, 2011 ID:504710 Share Posted December 13, 2011 Greetings Yes, you should restore the files from quarantine and then update Malwarebytes Anti-Malware and perform another scan to verify that those files that you restored are no longer detected. That will confirm that all 3 of them were indeed false positives. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now