False Positive Windows Registry Run.

Guest Seagull

Malwarebytes just updated to the latest version and ran a flash scan and said a Legitimate Windows Registry Key was a Trojan.Agent.

Log is attached. Malwarebytes PRO version 1.61.0.1400 update version v2012.06.14.01.

Thank you.


I got the same thing.

Edit: Developer log

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.14.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

DarkSnake-Kobra :: XPS17 [administrator]

Protection: Enabled

6/13/2012 8:02:00 PM

mbam-log-2012-06-13 (20-02-13).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Registry | File System | P2P

Objects scanned: 184644

Time elapsed: 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> No action taken. [4693797abba191a5c6083e21ca3a936d]

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


> Malwarebytes just updated to the latest version and ran a flash scan and said a Legitimate Windows Registry Key was a Trojan.Agent.
>
> Log is attached. Malwarebytes PRO version 1.61.0.1400 update version v2012.06.14.01.
>
> Thank you.

I can confirm that deleting/quarantining said registry key stops various applications running, or at least automatically running after reboot! :-( Fortunately restoring the key resolves the situation.

Regards to All,

Chris

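Added example, not part of any post in this thread and not Malwarebytes code: a triage parser for scan logs in the format posted here. It flags detections that target a whole autostart key (the situation Chris describes above) and records whether the key was quarantined and so needs restoring. The watch list and function names are assumptions, and the sample log is constructed from the line format seen in this thread.

```python
import re

# Autostart keys whose removal as a whole key disables every entry under them.
# Assumed watch list for this example; extend as needed.
AUTOSTART_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> <action>. [<id>]"; the [id] only appears in developer logs.
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.(?: \[(?P<id>[0-9a-f]+)\])?$"
)

def parse_detections(log_text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append({"section": section, **m.groupdict()})
    return found

def whole_key_autostart_hits(log_text):
    """Detections that target an entire autostart key rather than one value in it."""
    hits = []
    for d in parse_detections(log_text):
        if d["section"] == "Registry Keys" and d["obj"].lower() in AUTOSTART_KEYS:
            # A quarantined key means its autostart entries are gone until restored.
            d["needs_restore"] = d["action"].lower().startswith("quarantined")
            hits.append(d)
    return hits

# Constructed sample: detection lines in the format of the logs in this thread.
SAMPLE_LOG = """\
Registry Keys Detected: 1
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    for hit in whole_key_autostart_hits(SAMPLE_LOG):
        print(hit["obj"], hit["name"], hit["action"], "restore needed:", hit["needs_restore"])
```

A hit with `needs_restore` set is a machine where the key should be restored from quarantine once the corrected database is installed.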

This False positive deletes the Windows sidebar.

I would look for a fix soon.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.14.01

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Hardhead 5 :: OWNER-PC [administrator]

Protection: Enabled

6/13/2012 9:39:39 PM

mbam-log-2012-06-13 (21-39-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 223244

Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I forgot to add the developer mode scan.

Posted below:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.14.01

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Hardhead 5 :: OWNER-PC [administrator]

Protection: Enabled

6/13/2012 10:07:01 PM

mbam-log-2012-06-13 (22-07-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 223308

Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully. [8d4c0be82f2de155bb13b0af08fc7090]

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I am really sorry about this guys. If you update and check again this should be fixed.

Guest Seagull

Thank you, and you're welcome. :)

I can confirm, after updating and running a flash scan, this Registry Key is no longer being flagged.

Thanks again Malwarebytes Team. :)


No longer detected after latest update. :) Thanks again Malwarebytes'. :)


I'm still getting a trojan.agent detection for the run key under HKCU. It's empty, there's nothing there. The only thing I had there was the startup key for Sandboxie, which was removed the first time it was detected.

Edit: Fp seems fixed now, Thanks :)


Same issue this day: see result.

Log attached:

Versions: 1.61.0.1400

Please fix

Thanks

I don't see any detection in your log Henrilaconte

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.06.14.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

H.W. van Berkum :: HWVANBERKUM-PC [administrator]

Realtime bescherming: Ingeschakeld

14-06-2012 05:55:24

mbam-log-2012-06-14 (05-55-24).txt

Scantype: Flash-scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: Register | Bestanden en mappen | P2P

Objecten gescand: 153118

Verstreken tijd: 29 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)


> I'm still getting a trojan.agent detection for the run key under HKCU. It's empty, there's nothing there. The only thing I had there was the startup key for Sandboxie, which was removed the first time it was detected.
>
> Edit: Fp seems fixed now, Thanks :)

Latest version is: Database version: v2012.06.14.04

Your code where shown was Database version: v2012.06.14.03

Thanks


> Latest version is: Database version: v2012.06.14.04
>
> Your code where shown was Database version: v2012.06.14.03
>
> Thanks

Got that on two systems with Database version v2012.6.14.1.

v2012.6.14.2 fixed the false positive on both my systems.

Jim

