Jump to content

Trojan BHO. H found in Folder Box and Realalternative


struan

Recommended Posts

Hi,

during a routine scan mbam showed the following warning:

C:\Documents and Settings\Added Software\FolderBox\FolderBox.dll (Trojan.BHO.H) -> No action taken.

Please see below the log:

Malwarebytes' Anti-Malware 1.33

Datenbank Version: 1736

Windows 5.1.2600 Service Pack 3

08.02.2009 03:03:10

mbam-log-2009-02-08 (03-03-07).txt

Scan-Methode: Vollst

Link to post
Share on other sites

Added Software

^That folder , is it a custom folder that you named yourself ?

My research into this indicates that this BHO has a different home folder .

The folder in your log should never contain a BHO and is likely the cause of the FP in this case .

Link to post
Share on other sites

Hi,

thanks for your quick reply.

Yes, I created the folder to bundle all software added by me to keep track of what I am installing.

Funnily, Avira Antivir came up with the same false positive for FolderBox a week ago which freaked me out a bit.

Can I consider the warnings regarding the registration keys as false positives as well?

Cheers,

Struan

Link to post
Share on other sites

I wont answer for any other vendors . I will say that you are taking a risk of FPs by custom installing . There are many unique ways that malware installs and if you duplicate these unique ways you are putting files in locations where heuristics are maxed out thus increasing the chances of FPs.

Link to post
Share on other sites

  • 10 months later...

I have just run a Malwarebytes scan and found this same false positive for Folderbox.

At first I assumed it was true so I uninstalled and deleted Folderbox then downloaded and reinstalled the application from the developer's site.

I then got the same false positive. Interestingly if I scan just the folderbox.dll file no trojan is found.

I append the first log :

Malwarebytes' Anti-Malware 1.43

Database version: 3486

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

03/01/2010 10:10:18

mbam-log-2010-01-03 (10-10-18).txt

Scan type: Quick Scan

Objects scanned: 103844

Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

d:\PROGRAM FILES\FolderBox\FolderBox.dll (Trojan.BHO.H) -> Delete on reboot.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.