Possible temporary false positive?

[Hoov]

I am not sure if this would fall into a program error or a false positive, but just a bit ago I had thunderbird 11.0 crash on me. Right after it crashed (I was away from the keyboard at the time) Malwarebytes' Anti-Malware did a scheduled flash scan. During the flash scan it found several hundred Trojan files. When I got to my computer I first tried canceling the thunderbird crash report and it was frozen. Then I dealt with Malwarebytes' Anti-Malware warning, and submitted the first couple of files to virustotal.com to check them out. They all came back clean, so I ended up canceling the entire results from Malwarebytes' Anti-Malware. At that point the thunderbird report disappeared. I am in the process of doing a full scan of my computer with both Malwarebytes' Anti-Malware and my Antivirus but I highly doubt it will find anything.

Was this a glitch between two programs or a false positive?

[David H. Lipman]

Can you post a log snippet and sample ?

[Hoov]

Here is a clip, and two files that it says are trojans.

2012/03/17 19:08:20 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\iscsicpl.dll Trojan. ALLOW

2012/03/17 19:08:28 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\ntdll.dll Trojan. ALLOW

2012/03/17 19:08:29 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\perfos.dll Trojan. ALLOW

2012/03/17 19:08:30 -0400 LAPTOP Hoov DETECTION C:\Program Files\AVG\AVG2012\avgcmgr.exe Trojan. ALLOW

2012/03/17 19:08:31 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\taskhost.exe Trojan. ALLOW

2012/03/17 19:08:32 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\drivers\monitor.sys Trojan. ALLOW

2012/03/17 19:08:32 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\avicap32.dll Trojan. ALLOW

2012/03/17 19:08:34 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\oleacc.dll Trojan. ALLOW

2012/03/17 19:08:35 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\svchost.exe Trojan. ALLOW

2012/03/17 19:08:36 -0400 LAPTOP Hoov DETECTION C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Trojan. ALLOW

2012/03/17 19:08:36 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\kernel32.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\netfxperf.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\ntdll.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\ntdll.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\avicap32.dll Trojan. ALLOW

samples.zip

[shadowwar]

Right now they are not detected on this end with

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

912031708 (current database as of this writing. )

What version of db and program are you running?

Whatever you do dont quaritine or remove any of these files. Something is seriously wrong with the mbam install possibly.

[Hoov]

Here is what I am running,

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

Database version: v2012.03.17.08

I know there is not anything wrong with them, as a subsequent scan showed nothing. The only thing that was different between the two scans was a crash of Thunderbird during the scan.

[shadowwar]

Ok so its not doing it anymore.

It was a strange detection cause it was only trojan.

and we dont have anything named that in database.

Let us know if it happens again.

[Hoov]

Curious. Will do.