DFDWiz.exe


almirsahbaz

Hello

I've also had Malwarebytes report this file:

C:\Windows\System32\DFDWiz.exe

as a (Trojan.FakeAlert). But the version of the file, on a Windows 7 laptop, is reported as last having been modified on 14 Jul 2009 @ 02 14 hrs.

The file's version is: 6.1.7600.16385. My version of Malwarebytes is 1.60.1 and the database version is v2012.05.17.06.

Can you tell me if this is a genuine issue or not?

Thanks

Martin O'Shea.

Link to post
Share on other sites

In my case the file which is located in C:\Windows\System32\DFDWiz.exe is not reported as infected. Mine is located in C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe

Link to post
Share on other sites

New Member, I just reviewed your mbam-log and it is almost identical to your log. I ran a full scan because my files and programs are opening up slow. Ran my Avast internet security and no viruses found. Do you have any idea on why my programs and files are taking longer to open up? This just started today. Also I have attached my mbam-log for you to review.

mbam-log-2012-05-17 (13-32-57).txt

Link to post
Share on other sites

There's someone on the Malware Removal help forum that's reporting this. Since normal users aren't allowed to post in other users' topics, can one of the higher level members go into that topic and let the user know that their system is fine and this was a false positive? Maybe make some sort of sticky?

Link to post
Share on other sites

I had this problem, the following 2 files were quarantined and show up on the quarantined page. After finding they were false positives I tried to restore them. The first one restores, the second will not and remains as quarantined. I am running Windows 7 with the latest corrections, the version of Malwarebytes is 1.61.0.1400, database v2012.05.18.01, fingerprints 326170

C:\Windows\System32\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\winsxs\x86_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_c50b5b3967029178\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

So how do I get the file back, apart from doing a windows restore and hoping it does it?

thanks

Link to post
Share on other sites
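The detection lines quoted in this thread follow a fixed `path (Detection) -> action.` shape, and the WinSxS paths encode architecture and version in the directory name. The following is an added example, not part of any post and not Malwarebytes code: it parses such lines and groups hits that include a component-store copy, which is the pattern seen here and a cue to verify the file before quarantining. The function names and the reading of the WinSxS directory layout are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the three detection lines quoted in the thread.
SAMPLE_LOG = r"""
C:\Windows\System32\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\winsxs\x86_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_c50b5b3967029178\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Log line shape: path (DetectionName) -> action.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumed WinSxS directory layout: arch_component_keytoken_version_culture_hash
COMPONENT = re.compile(
    r"\\winsxs\\(?P<arch>[^_\\]+)_(?P<component>.+)_(?P<token>[0-9a-f]{16})"
    r"_(?P<version>\d+(?:\.\d+){3})_(?P<culture>[^_\\]+)_(?P<hash>[0-9a-f]{16})\\",
    re.IGNORECASE)

def parse_detections(log_text):
    """Return one dict per detection line; lines that do not match are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        hit = m.groupdict()
        hit["file"] = hit["path"].rsplit("\\", 1)[-1].lower()
        comp = COMPONENT.search(hit["path"])
        hit["component"] = comp.groupdict() if comp else None
        hits.append(hit)
    return hits

def review_candidates(hits):
    """Group hits by (file name, detection) and keep groups that include a
    WinSxS component-store copy: versioned OS files worth checking (signature,
    hash against a clean machine) before they are removed."""
    groups = defaultdict(list)
    for h in hits:
        groups[(h["file"], h["name"])].append(h)
    return {k: v for k, v in groups.items() if any(h["component"] for h in v)}

if __name__ == "__main__":
    found = review_candidates(parse_detections(SAMPLE_LOG))
    for (name, det), group in found.items():
        print(f"{name}: {det} on {len(group)} copies, review before quarantine")
        for h in group:
            c = h["component"]
            print("  ", f"{c['arch']} {c['version']}" if c else "live copy", "|", h["action"])
```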

New Member, I just reviewed your mbam-log and it is almost identical to your log. I ran a full scan because my files and programs are opening up slow. Ran my Avast internet security and no viruses found. Do you have any idea on why my programs and files are taking longer to open up? This just started today. Also I have attached my mbam-log for you to review.

I can help here.

The problem is related to Avast - the latest update of the program seems to have broken the cache for scanning programs when executed.

What should happen is the program is scanned (which causes a noticeable hiccup delay... enough to think you've not clicked the icon properly) and the results stored in an Avast! cache with a checksum. The next time the program is run and if the checksum is the same then it skips scanning so opens quicker.

Unfortunately this cache/checksum is broken so it scans the files almost every time. You can confirm it by opening up Avast! and turning off the real time protection and try to re-open the file. It should start straight away.

There is a patch that works much better here http://public.avast.com/~rypacek/patches/#ap20120403001

In the end I switched as it was driving me insane!

Link to post
Share on other sites

Yesterday, 5/17/12 I ran PCTools which is my primary antivirus using a quick scan and a full scan. Found nothing. I updated MWB with the most current database and then I followed up with a full scan by Malwarebytes, and it identified DFDwiz.exe as Trojan Fake Alert. Foolishly I told MWB to quarantine it. Now I have learned that it was a false positive, but I am now missing DFDwiz.exe. It shows in the MWB quarantine log as quarantined, and I tried multiple times to restore it but nothing happened. I went to the folder where it is supposed to be and the folder is completely empty. Does anyone have a suggestion about getting a copy of DFDwiz.exe or of how to restore the file that got quarantined? The file I had was last modified 7/13/09 and was 77.5kb. File version was 6.1.7600.16385. The log message I got from MWB was: C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. My computer in all other respects is running perfectly - no difference from before yesterday. No signs of virus activity. I am concerned that my registry was altered by MWB as well, but I have no specific basis for that concern.

Link to post
Share on other sites

  • Staff

The file is attached in the first post if you really need it. Where it was deleted from your machine it was just a cached older version for backwards compatibility with applications and is almost never needed.

This detection would not have altered your registry in any way.

Cheers.

Link to post
Share on other sites

I've experienced the same problem, specifically with Windows opening programs very, very slowly. The first Malwarebytes scan quarantined and removed DFDWiz.exe while every scan since then has been bringing up the other file mentioned (the windows diagnostic user resolver). It's been quarantined and removed several times, but still comes back up, which I now know to just be a problem with Malwarebytes' current version. However, the "Check for Updates" option is grayed out so I must be fully updated. The database version is v2012.05.17.06 and another user posted that theirs was 05.18.01 so I'm guessing I'm just missing something here.

Link to post
Share on other sites

Seems to me that not being able to restore a quarantined file is a bug in Malwarebytes that needs fixing. Saying the file is not really needed and pointing users to a .RAR file in a previous post, which I don't think can be opened with a standard windows system (7 in my case) although I could be wrong on this, seems to be evading the real issue.

Link to post
Share on other sites

  • Staff

Brumak4eva. Malwarebytes needs to be updated for this to no longer be detected. Are you running as administrator or have a scheduled job run to update? If you are not running as admin or don't have a job scheduled I believe it will be grayed out. Other than that I would follow the directions below to contact support.

Skinny,

Not sure how I am evading the issue with you? If you would still like to restore the file manually I have reattached it here in zip format. 7zip is a great addition and free to deal with rar files in the future. http://www.7-zip.org/ .

As far as the quarantine issue you would have to contact support to get that sorted as I am not in support and not sure why it would not restore. You can make a post in the general forum about it and the support team will help you with it. If you are a paid user you can contact support directly by email. The options are on this link:

http://www.malwareby...upport/consumer

DFDWiz.zip

Link to post
Share on other sites
