Trojan BHO. H found in Folder Box and Realalternative

[struan]

Hi,

during a routine scan mbam showed the following warning:

C:\Documents and Settings\Added Software\FolderBox\FolderBox.dll (Trojan.BHO.H) -> No action taken.

Please see below the log:

Malwarebytes' Anti-Malware 1.33

Datenbank Version: 1736

Windows 5.1.2600 Service Pack 3

08.02.2009 03:03:10

mbam-log-2009-02-08 (03-03-07).txt

Scan-Methode: Vollst

[nosirrah]

Added Software

^That folder , is it a custom folder that you named yourself ?

My research into this indicates that this BHO has a different home folder .

The folder in your log should never contain a BHO and is likely the cause of the FP in this case .

[struan]

Hi,

thanks for your quick reply.

Yes, I created the folder to bundle all software added by me to keep track of what I am installing.

Funnily, Avira Antivir came up with the same false positive for FolderBox a week ago which freaked me out a bit.

Can I consider the warnings regarding the registration keys as false positives as well?

Cheers,

Struan

[nosirrah]

I wont answer for any other vendors . I will say that you are taking a risk of FPs by custom installing . There are many unique ways that malware installs and if you duplicate these unique ways you are putting files in locations where heuristics are maxed out thus increasing the chances of FPs.

[Jaba]

I have just run a Malwarebytes scan and found this same false positive for Folderbox.

At first I assumed it was true so I uninstalled and deleted Folderbox then downloaded and reinstalled the application from the developer's site.

I then got the same false positive. Interestingly if I scan just the folderbox.dll file no trojan is found.

I append the first log :

Malwarebytes' Anti-Malware 1.43

Database version: 3486

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

03/01/2010 10:10:18

mbam-log-2010-01-03 (10-10-18).txt

Scan type: Quick Scan

Objects scanned: 103844

Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

d:\PROGRAM FILES\FolderBox\FolderBox.dll (Trojan.BHO.H) -> Delete on reboot.