almirsahbaz Posted May 17, 2012 ID:552360
I just scanned my computer and malwarebytes reported this file as infected (Trojan.FakeAlert). This file wasn't modified since 2009 and I think this might be a false positive. I attached my scanning results and this file, so you can check it and fix this in next update.
Attachments: mbam-log-2012-05-17 (21-25-37).txt, DFDWiz.rar

MartinOShea Posted May 17, 2012 ID:552372
Hello
I've also had Malwarebytes report this file:
C:\Windows\System32\DFDWiz.exe
as a (Trojan.FakeAlert). But the version of the file, on a Windows 7 laptop, is reported as last having been modified on 14 Jul 2009 @ 02 14 hrs.
The file's version is: 6.1.7600.16385. My version of Malwarebytes is 1.60.1 and the database version is v2012.05.17.06.
Can you tell me if this is a genuine issue or not?
Thanks
Martin O'Shea.

Beenthere Posted May 17, 2012 ID:552375
It's definitely a FP, I got this as well and I have been completely clean for years now.

almirsahbaz (Author) Posted May 17, 2012 ID:552379
In my case file which is located in C:\Windows\System32\DFDWiz.exe is not reported as infected. Mine is located in
C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe

Moose1964 Posted May 17, 2012 ID:552382
New Member, I just reviewed your mbam-log and it is almost identical to your log. I ran a full scan because my files and programs are opening up slow. Ran my avast internet security and no viruses found. Do you have any idea on why my programs and files are taking longer to open up? This just started today. Also I have attached my mbam-log for you to review.
Attachment: mbam-log-2012-05-17 (13-32-57).txt

MartinOShea Posted May 17, 2012 ID:552387
For what it's worth, scans of file:
C:\Windows\System32\DFDWiz.exe
by Microsoft Security Essentials and Norton Internet Security with current definitions don't detect anything.

MartinOShea Posted May 17, 2012 ID:552388
DFDWiz.exe is given a clean bill of health here:
https://www.virustotal.com/file/867b8cbe2831f1782e1a77a6b5c71bdbcaee69e363d15691df3f9006abbd2f99/analysis/

nosirrah Posted May 17, 2012 ID:552389
About to be fixed.

Moose1964 Posted May 17, 2012 ID:552391
> About to be fixed.
nosirrah, is this something we should worry about?

almirsahbaz (Author) Posted May 17, 2012 ID:552392
Update just came out, and this is fixed. Thank you.

MartinOShea Posted May 17, 2012 ID:552393
Running a scan here and everything seems fine. Thanks for the excellent service.

nosirrah Posted May 17, 2012 ID:552413
Thanks for reporting back guys.

Moose1964 Posted May 17, 2012 ID:552415
Thanks for the fix! Everything is back to normal on my end!

WhitePhoenix Posted May 17, 2012 ID:552456
There's someone on the Malware Removal help forum that's reporting this. Since normal users aren't allowed to post in other users' topics, can one of the higher level members go into that topic and let the user know that their system is fine and this was a false positive? Maybe make some sort of sticky?

turtledove Posted May 18, 2012 ID:552498
Thanks nosirrah, just ran dev mode and all 3 scan types after dequarantining the file when I got home. Also in normal flash scan. All is well since update 7 forward.
Thanks for all the work you do.
Kind Regards

skinny Posted May 18, 2012 ID:552530
I had this problem, the following 2 files were quarantined and show up on the quarantined page. After finding they were false positives I tried to restore them. The first one restores, the second will not and remains as quarantined. I am running the Windows 7 with the latest corrections, version on malware bytes is 1.61.0.1400, database v2012.05.18.01, fingerprints 326170
C:\Windows\System32\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\winsxs\x86_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_c50b5b3967029178\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
So how do I get the file back, apart from doing a windows restore and hoping it does it?
thanks

ads_green Posted May 18, 2012 ID:552534
> New Member, I just reviewed your mbam-log and it almost identical to your log. I ran a full scan because my files and programs are opening up slow. Ran my avast internet security and no viruses found. Do you have any idea on why my programs and files are taking longer to open up? This just started today. Also I have attached my mbam-log for you to review.
I can help here.
The problem is related to Avast - the latest update of the program seems to have broken the cache for scanning programs when executed.
What should happen is the program is scanned (which causes a noticeable hiccup delay... enough to think you've not clicked the icon properly) and the results stored in an Avast! cache with a checksum. The next time the program is run and if the checksum is the same then it skips scanning so opens quicker.
Unfortunately this cache/checksum is broken so it scans the files almost every time. You can confirm it by opening up Avast! and turning off the real time protection and try to re-open the file. It should start straight away.
There is a patch that works much better here http://public.avast.com/~rypacek/patches/#ap20120403001
In the end I switched as it was driving me insane!

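The checksum-keyed scan cache described in the post above, as an added example that is not part of the original thread and is not Avast's code. The class, function and file names are hypothetical, and the launch sequence is constructed; it counts how many slow full scans happen with a working cache versus one that never stores results.

```python
import hashlib


class OnExecuteScanner:
    """Toy on-execute scanner with a per-path checksum cache (hypothetical)."""

    def __init__(self, cache_works=True):
        self.cache_works = cache_works  # False models the broken cache
        self.cache = {}                 # path -> (sha256 hex, verdict)
        self.full_scans = 0             # each one is a visible launch delay

    def _full_scan(self, data):
        # Stand-in for the slow signature scan of the file contents.
        self.full_scans += 1
        return "clean"

    def on_execute(self, path, data):
        checksum = hashlib.sha256(data).hexdigest()
        cached = self.cache.get(path)
        # Reuse a verdict only if the file content is unchanged since the scan.
        if cached is not None and cached[0] == checksum:
            return cached[1]
        verdict = self._full_scan(data)
        if self.cache_works:
            self.cache[path] = (checksum, verdict)
        return verdict


def count_full_scans(launches, cache_works):
    """Replay (path, content) launches and return the number of full scans."""
    scanner = OnExecuteScanner(cache_works=cache_works)
    for path, data in launches:
        scanner.on_execute(path, data)
    return scanner.full_scans


# Constructed sample: one program launched three times, then updated on disk
# (different bytes, so a different checksum) and launched twice more.
LAUNCHES = [("app.exe", b"build-1")] * 3 + [("app.exe", b"build-2")] * 2

if __name__ == "__main__":
    print("working cache:", count_full_scans(LAUNCHES, cache_works=True))
    print("broken cache: ", count_full_scans(LAUNCHES, cache_works=False))
```

Keying the cached verdict on a content hash rather than on the path alone is what forces a rescan when the file on disk changes.
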
mmurphy Posted May 18, 2012 ID:552684
Yesterday, 5/17/12 I ran PCTools which is my primary antivirus using a quick scan and a full scan. Found nothing. I updated MWB with the most current database and then I followed up with a full scan by Malwarebytes, and it identified DFDwiz.exe as Trojan Fake Alert. Foolishly I told MWB to quarantine it. Now I have learned that it was a false positive, but I am now missing DFDwiz.exe. It shows in the MWB quarantine log as quarantined, and I tried multiple times to restore it but nothing happened. I went to the folder where it is supposed to be and the folder is completely empty. Does anyone have a suggestion about getting a copy of DFDwiz.exe or of how to restore the file that got quarantined? The file I had was last modified 7/13/09 and was 77.5kb. File version was 6.1.7600.16385. The log message I got from MWB was:
C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
My computer in all other respects is running perfectly - no difference from before yesterday. No signs of virus activity. I am concerned that my registry was altered by MWB as well, but I have no specific basis for that concern.

shadowwar (Staff) Posted May 18, 2012 ID:552718
The file is attached in the first post if you really need it. Where it was deleted from your machine it was just a cached older version for backwards compatibility with applications and is almost never needed.
This detection would not have altered your registry in any way.
Cheers.

Brumak4eva Posted May 19, 2012 ID:552885
I've experienced the same problem, specifically with Windows opening programs very, very slowly. The first Malwarebytes scan quarantined and removed DFDWiz.exe while every scan since then has been bringing up the other file mentioned (the windows diagnostic user resolver). It's been quarantined and removed several times, but still comes back up, which I now know to just be a problem with Malwarebytes' current version. However, the "Check for Updates" option is grayed out so I must be fully updated. The database version is v2012.05.17.06 and another user posted that theirs was 05.18.01 so I'm guessing I'm just missing something here.

skinny Posted May 19, 2012 ID:552897
Seems to me that not being able to restore a quarantined file is a bug in Malwarebytes that needs fixing. Saying the file is not really needed and pointing users to a .RAR file in a previous post, which I don't think can be opened with a standard windows system (7 in my case) although I could be wrong on this, seems to be evading the real issue.

ads_green Posted May 19, 2012 ID:552909
Wonder if it's anything to do with UAC in windows 7? (might not be able to access the windows folder???)
Can you run malware bytes as admin?
As for slow program opening - are you running avast?

shadowwar (Staff) Posted May 19, 2012 ID:552919
Brumak4eva. Malwarebytes needs to be updated for this to no longer be detected. Are you running as administrator or have a scheduled job run to update? If you are not running as admin or don't have a job scheduled I believe it will be grayed out. Other than that I would follow the directions below to contact support.
Skinny,
Not sure how I am evading the issue with you? If you would still like to restore the file manually I have reattached it here in zip format. 7zip is a great addition and free to deal with rar files in the future. http://www.7-zip.org/ .
As far as the quarantine issue you would have to contact support to get that sorted as I am not in support and not sure why it would not restore. You can make a post in the general forum about it and the support team will help you with it. If you are a paid user you can contact support directly by email. The options are on this link:
http://www.malwareby...upport/consumer
Attachment: DFDWiz.zip

chirac Posted May 19, 2012 ID:552920
Hello
I got the same problem. DFDWiz.exe is in the MBAM quarantine but impossible to restore it... will a fix be coming for it?

shadowwar (Staff) Posted May 19, 2012 ID:552929
Chirac please see above my previous post. Please contact support and they will help you with the restore problem. Or you can download the file above and restore manually.

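A check worth running before placing a downloaded copy of a system binary back under C:\Windows, as an added example that is not part of the original thread: it compares the file's SHA-256 with the hash embedded in the VirusTotal link posted earlier. The function names are hypothetical and the sample bytes are constructed. A match only ties the file to the one analysed in that report, and a mismatch is expected for a different build, since the x86 and amd64 copies named in the thread are different files.

```python
import hashlib
import hmac
import io
import re

# VirusTotal report link exactly as posted in the thread.
VT_URL = ("https://www.virustotal.com/file/"
          "867b8cbe2831f1782e1a77a6b5c71bdbcaee69e363d15691df3f9006abbd2f99"
          "/analysis/")


def sha256_from_vt_url(url):
    """Extract the 64-hex-digit SHA-256 from a /file/<sha256>/analysis/ link."""
    match = re.search(r"/file/([0-9a-fA-F]{64})/analysis", url)
    if match is None:
        raise ValueError("no SHA-256 found in URL")
    return match.group(1).lower()


def sha256_of_stream(handle, chunk_size=65536):
    """Hash a binary file object in chunks so large files need little memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: handle.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def matches_reference(handle, url):
    """True only if the file's SHA-256 equals the hash named in the link."""
    return hmac.compare_digest(sha256_of_stream(handle), sha256_from_vt_url(url))


# Constructed stand-in for a downloaded file, plus a link built from its hash,
# so the example runs offline without the real DFDWiz.exe.
SAMPLE = b"constructed sample bytes, not the real DFDWiz.exe"
SAMPLE_URL = ("https://www.virustotal.com/file/"
              + hashlib.sha256(SAMPLE).hexdigest() + "/analysis/")

if __name__ == "__main__":
    print(matches_reference(io.BytesIO(SAMPLE), SAMPLE_URL))         # same bytes
    print(matches_reference(io.BytesIO(SAMPLE + b"!"), SAMPLE_URL))  # altered copy
    # For a real file: matches_reference(open(path, "rb"), VT_URL)
```
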