2 false positives

[Guest MBfan]

I did a full scan and got 2 false positives. One of them allows more half-open connections. The other is a DLL from a game called "Ranch Rush". I have zipped the files in question and have added them to this post.

I understand why the 4226patcher might be questionable (it modifies system files), but I am most concerned about the Ranch Rush DLL.

---------------------LOG----------

Malwarebytes' Anti-Malware 1.34

Database version: 1757

Windows 5.1.2600 Service Pack 3

2/13/2009 6:27:19 AM

mbam-log-2009-02-13 (06-27-13).txt

Scan type: Full Scan (C:\|G:\|H:\|)

Objects scanned: 158990

Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Admin\Desktop\EvID4226Patch.exe (Adware.Agent) -> No action taken. [2319262067702117261823671718212617207069196871672022236667186767]

C:\Reflexive\Ranch Rush\ijl15.dll (Trojan.Agent) -> No action taken. [5253514247403025352121192117212220202037352026222520362421183925372525211718171

71717172526182525262225192125262225173625252225201725262225172125262225202525262

1

25181725262125182522353620253521251821253522171917252621251817172036342526182525

2

62225173625252225201725262225172125262225202525262125182525262217192122353620261

7

26172617261722202223253524211921173625372121192117362224221725352138203625372438

2

11723251717181717171717222422182020373538251917252317191717]

MBAMFP.zip

MBAMFP.zip

[nosirrah]

One was a FP but I wont be fixing this one :

File EvID4226Patch.exe received on 02.13.2009 14:01:34 (CET)

Result: 22/39 (56.42%)

a-squared 4.0.0.93 2009.02.13 Riskware.Patch.TCPIP!IK

AntiVir 7.9.0.79 2009.02.13 APPL/Tool.EvID4226.A

AVG 8.0.0.237 2009.02.13 HackTool.AB

CAT-QuickHeal 10.00 2009.02.13 (Suspicious) - DNAScan

ClamAV 0.94.1 2009.02.13 Adware.Agent-2559

Comodo 976 2009.02.13 ApplicUnsaf.Win32.Tool.EvID4226

eSafe 7.0.17.0 2009.02.12 Suspicious File

Fortinet 3.117.0.0 2009.02.13 HackerTool/Evid

Ikarus T3.1.1.45.0 2009.02.13 Not-A-Virus.Patch.TCPIP

K7AntiVirus 7.10.628 2009.02.12 not-a-virus:Tool.Win32.Evid

McAfee 5524 2009.02.12 potentially unwanted program Tool-Evid

McAfee+Artemis 5524 2009.02.12 potentially unwanted program Tool-Evid

NOD32 3850 2009.02.13 Win32/Tool.EvID4226

Panda 10.0.0.10 2009.02.13 HackTool/EvID

PCTools 4.4.2.0 2009.02.13 HackTool.EvID

SecureWeb-Gateway 6.7.6 2009.02.13 Riskware.Tool.EvID4226.A

Sophos 4.38.0 2009.02.13 EvID4226

Sunbelt 3.2.1851.2 2009.02.12 Event ID 4226 Patcher

TheHacker 6.3.1.9.255 2009.02.13 Aplicacion/Tool.evid

TrendMicro 8.700.0.1004 2009.02.13 PAK_Generic.001

ViRobot 2009.2.13.1605 2009.02.13 Trojan.Win32.Amvo.Gen

VirusBuster 4.5.11.0 2009.02.12 RiskWare.TCPIPPatcher.A

If you wish to use this file please white list it , it is used far to often as part of worm/bot infections not to detect it .