Jump to content

2 false positives

Guest MBfan

Recommended Posts

I did a full scan and got 2 false positives. One of them allows more half-open connections. The other is a DLL from a game called "Ranch Rush". I have zipped the files in question and have added them to this post.

I understand why the 4226patcher might be questionable (it modifies system files), but I am most concerned about the Ranch Rush DLL.


Malwarebytes' Anti-Malware 1.34

Database version: 1757

Windows 5.1.2600 Service Pack 3

2/13/2009 6:27:19 AM

mbam-log-2009-02-13 (06-27-13).txt

Scan type: Full Scan (C:\|G:\|H:\|)

Objects scanned: 158990

Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Admin\Desktop\EvID4226Patch.exe (Adware.Agent) -> No action taken. [2319262067702117261823671718212617207069196871672022236667186767]

C:\Reflexive\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken. [5253514247403025352121192117212220202037352026222520362421183925372525211718171












Link to post
Share on other sites

One was a FP but I wont be fixing this one :

File EvID4226Patch.exe received on 02.13.2009 14:01:34 (CET)

Result: 22/39 (56.42%)

a-squared 2009.02.13 Riskware.Patch.TCPIP!IK

AntiVir 2009.02.13 APPL/Tool.EvID4226.A

AVG 2009.02.13 HackTool.AB

CAT-QuickHeal 10.00 2009.02.13 (Suspicious) - DNAScan

ClamAV 0.94.1 2009.02.13 Adware.Agent-2559

Comodo 976 2009.02.13 ApplicUnsaf.Win32.Tool.EvID4226

eSafe 2009.02.12 Suspicious File

Fortinet 2009.02.13 HackerTool/Evid

Ikarus T3. 2009.02.13 Not-A-Virus.Patch.TCPIP

K7AntiVirus 7.10.628 2009.02.12 not-a-virus:Tool.Win32.Evid

McAfee 5524 2009.02.12 potentially unwanted program Tool-Evid

McAfee+Artemis 5524 2009.02.12 potentially unwanted program Tool-Evid

NOD32 3850 2009.02.13 Win32/Tool.EvID4226

Panda 2009.02.13 HackTool/EvID

PCTools 2009.02.13 HackTool.EvID

SecureWeb-Gateway 6.7.6 2009.02.13 Riskware.Tool.EvID4226.A

Sophos 4.38.0 2009.02.13 EvID4226

Sunbelt 3.2.1851.2 2009.02.12 Event ID 4226 Patcher

TheHacker 2009.02.13 Aplicacion/Tool.evid

TrendMicro 8.700.0.1004 2009.02.13 PAK_Generic.001

ViRobot 2009.2.13.1605 2009.02.13 Trojan.Win32.Amvo.Gen

VirusBuster 2009.02.12 RiskWare.TCPIPPatcher.A

If you wish to use this file please white list it , it is used far to often as part of worm/bot infections not to detect it .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.