Jump to content

Possible temporary false positive?


Recommended Posts

I am not sure if this would fall into a program error or a false positive, but just a bit ago I had thunderbird 11.0 crash on me. Right after it crashed (I was away from the keyboard at the time) Malwarebytes' Anti-Malware did a scheduled flash scan. During the flash scan it found several hundred Trojan files. When I got to my computer I first tried canceling the thunderbird crash report and it was frozen. Then I dealt with Malwarebytes' Anti-Malware warning, and submitted the first couple of files to virustotal.com to check them out. They all came back clean, so I ended up canceling the entire results from Malwarebytes' Anti-Malware. At that point the thunderbird report disappeared. I am in the process of doing a full scan of my computer with both Malwarebytes' Anti-Malware and my Antivirus but I highly doubt it will find anything.

Was this a glitch between two programs or a false positive?

Link to post
Share on other sites

Here is a clip, and two files that it says are trojans.

2012/03/17 19:08:20 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\iscsicpl.dll Trojan. ALLOW

2012/03/17 19:08:28 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\ntdll.dll Trojan. ALLOW

2012/03/17 19:08:29 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\perfos.dll Trojan. ALLOW

2012/03/17 19:08:30 -0400 LAPTOP Hoov DETECTION C:\Program Files\AVG\AVG2012\avgcmgr.exe Trojan. ALLOW

2012/03/17 19:08:31 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\taskhost.exe Trojan. ALLOW

2012/03/17 19:08:32 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\drivers\monitor.sys Trojan. ALLOW

2012/03/17 19:08:32 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\avicap32.dll Trojan. ALLOW

2012/03/17 19:08:34 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\oleacc.dll Trojan. ALLOW

2012/03/17 19:08:35 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\svchost.exe Trojan. ALLOW

2012/03/17 19:08:36 -0400 LAPTOP Hoov DETECTION C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll Trojan. ALLOW

2012/03/17 19:08:36 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\kernel32.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\netfxperf.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\ntdll.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\ntdll.dll Trojan. ALLOW

2012/03/17 19:08:37 -0400 LAPTOP Hoov DETECTION C:\Windows\System32\avicap32.dll Trojan. ALLOW

samples.zip

Link to post
Share on other sites

  • Staff

Right now they are not detected on this end with

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

912031708 (current database as of this writing. )

What version of db and program are you running?

Whatever you do dont quaritine or remove any of these files. Something is seriously wrong with the mbam install possibly.

Link to post
Share on other sites

Here is what I am running,

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

Database version: v2012.03.17.08

I know there is not anything wrong with them, as a subsequent scan showed nothing. The only thing that was different between the two scans was a crash of Thunderbird during the scan.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.