Jump to content

MBAM V. 1.60.0.1800 Prevx 3.0 Report Infected


Recommended Posts

it seems Prevx 3.0 has a lot of work, usually they update their database in a few hours, I still have 2 FP:

c:\program files\malwarebytes' anti-malware\mbamgui.exe

\REGISTRY\Machine\Software\Microsft\Windows\CurrentVersion\Run\..

Can you tell me what the 3rd line means in the picture? If you could save a scan log and show the [PX5] lines that say in front? You should stay in one place for we can help you best as it is a Prevx issue!

Thanks,

TH

Link to post
Share on other sites

Can you tell me what the 3rd line means in the picture? If you could save a scan log and show the [PX5] lines that say in front? You should stay in one place for we can help you best as it is a Prevx issue!

Thanks,

TH

The the 3rd line is when I moved all the files in order to winrar and e-mail it at report@prevxresearch.com, but finally I submited it at http://info.prevx.com/service.asp

Prevx Scan Log - Version v3.0.5.220

Log Generated: 28/12/2011 18:30, Type: 0,1

Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033

Hostname: EXCLUDE FOR SECURITY REASONS

Some non-malicious files are not included in this log.

Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)

Last Scan: Wed 2011-12-28 18:30:12 Mexico Standard Time. Number of Scans: 20. Last Scan Duration: 3 minutes 27 seconds.

c:\program files\malwarebytes' anti-malware\mbamgui.exe [PX5: BA939ED248D58CE308F207C15E4915009657C514] Malware Group: High Risk Cloaked Malware

c:\del\prevx mbam\mbamgui.exe [PX5: BA939ED248D58CE308F207C15E4915009657C514] Malware Group: High Risk Cloaked Malware

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="regsvr32 /s mqrt.dll"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"RTHDCPL"="RTHDCPL.EXE"

"KBD"="C:\\HP\\KBD\\KBD.EXE"

"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2012\\avp.exe\""

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"Malwarebytes' Anti-Malware"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

post-104506-0-90356500-1325119233.jpg

Link to post
Share on other sites

Yes, this is a false positive.

I am start to think we are not face with a FP, 24 hours and I still have 2 infections, so there is only 3 options:

MABM latest version is infected

Prevx is not a reliable application

Prevx Team, can not declare as a FP and update their database, because the file mbamgui.exe is a High Risk Cloaked Malware and the key

"Malwarebytes' Anti-Malware"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" is infected

In other hand, I do not have problems running, updating, booting with the MABM latest version. under Windows XP Pro SP3 (All the hotfixes up-to-date)

KIS

SUPERAntiSpyware Free Edition

Spybot - Search & Destroy

Prevx 3.0

i Will scan with my antimalware software and I will post the result

Meanwhile, my advice is urgent to run Microsoft Baseline Security Analyzer 2.2 (for IT Professionals)

http://www.microsoft.com/download/en/details.aspx?id=7558

Link to post
Share on other sites

I have this problem as well.

c:\program files\malwarebytes' anti-malware\mbamgui.exe

and

\REGISTRY\Machine\Software\Microsft\Windows\CurrentVersion\Run\

are both identified as infections by Prevx. I updated MBAM today so there really shouldn't be anything wrong with it. ESET NOD32 says it's clean, so I'm a bit confused.

According to this thread, this was reported to Prevx yesterday and should have been taken care of - this makes me even more confused and a bit nervous. Should I report it to Prevx as a FP or should I delete and re-install?

I have a HP Compaq with Vista home premium service pack 2, if that matters at all.

I'm pretty new to doing my own problem solving when it comes to computers, so make it as simple as possible. :D

Link to post
Share on other sites

Hello,

MBAM is not malware nor does it contain any malware.

We regret any concern this maybe causing our users but it is entirely beyond our control to fix the PrevX detections.

I would suggest anybody still concerned that you contact PrevX support and request answers from them as to why they are making these incorrect detections and why it is taking them so long to remove/remediate them.

Thanks for your patience and understanding on this :)

Link to post
Share on other sites

@Camelia and Elemjay and anyone else that has FP's with Prevx please use the Prevx Support Forms where we can help you best and not here! And I was just told that these FP's were corrected!

RE:(Dec 29, 2011 12:58)

Hi there,

Thank you for alerting us to this file.

We have now corrected this.

Kind Regards,

Prevx Support

Thanks,

TH

Link to post
Share on other sites

Hello,

MBAM is not malware nor does it contain any malware.

We regret any concern this maybe causing our users but it is entirely beyond our control to fix the PrevX detections.

I would suggest anybody still concerned that you contact PrevX support and request answers from them as to why they are making these incorrect detections and why it is taking them so long to remove/remediate them.

Thanks for your patience and understanding on this :)

oK, It seem we are not welcome at Malwarebytes Anti-Malware Forum,

Just Remember MBAM Team you are closing doors with other security solutions, and with unhappy users.

Before I leave this thread I want to report the following:

Prevx 3.0

System Status: CLEAN

Before

Prevx Scan Log - Version v3.0.5.220

Log Generated: 28/12/2011 21:03, Type: 0,1

Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033

Hostname: EXCLUDE FOR SECURITY REASONS

Some non-malicious files are not included in this log.

Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)

Last Scan: Wed 2011-12-28 20:58:10 Mexico Standard Time. Number of Scans: 22. Last Scan Duration: 11 minutes 4 seconds

c:\program files\malwarebytes' anti-malware\mbamgui.exe [PX5: BA939ED248D58CE308F207C15E4915009657C514] Malware Group: High Risk Cloaked Malware

c:\del\prevx mbam\mbamgui.exe [PX5: BA939ED248D58CE308F207C15E4915009657C514] Malware Group: High Risk Cloaked Malware

Key

"Malwarebytes' Anti-Malware"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" infected

After

Prevx Scan Log - Version v3.0.5.220

Log Generated: 29/12/2011 09:32, Type: 0,1

Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033

Hostname: EXCLUDE FOR SECURITY REASONS

Some non-malicious files are not included in this log.

Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)

Last Scan: Thu 2011-12-29 09:31:13 Mexico Standard Time. Number of Scans: 24. Last Scan Duration: 8 minutes 50 seconds.

[G] (ACTIVE) c:\del\prevx mbam\mbamgui.exe [PX5: BA939ED248D58CE308F207C15E4915009657C514]

[G] c:\program files\malwarebytes' anti-malware\mbamgui.exe [PX5: BA939ED248D58CE308F207C15E4915009657C514]

There is no problem with the key

"Malwarebytes' Anti-Malware"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray"

I do not trust MBAM latest version.

If you want to know my reasons.. please ask me

Link to post
Share on other sites

  • Staff

Camelia we are sorry you feel this way. This was nothing we had control over and it was just a False positive on prevx's part. It happens to any anti malware company. They fixed it and its no longer detected. I am not sure why you wouldnt trust us. I am sorry if you feel you were not welcome here. We never meant or said that.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.