LSDriveDetect.exe and \Adobe AIR\Versions\1.0\Resources\template.exe

[Skipperl]

Ran MWB's (latest update) full scan tonight and got the following errors on a system that has run these same files clean for months. I also submitted them to Jotti's malware scan and they ran clean on all 9 programs. I suspect false positives. Both files came with new computer. Any advice appreciated. Rerunning in developer mode now.

Files Detected: 2

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{4C6E12E5-5905-4aa5-B462-E7DFC4BD75E5}\LSDriveDetect.exe (Spyware.Password) -> No action taken.

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password)

[Guest DangerousClick]

Hello skipperl,

There seems to be an issue going on with a bunch of stuff being detected as spyware.password, I assume it is a bug. These are the necessary steps to identify malware easily.

1. Go to virustotal and upload the files

2. Post the link of the analysis of them back.

Thank you

~Click~

[nosirrah]

I am fixing this right now.

[Skipperl]

File name: LSDriveDetect.exe File type: Win32 EXE Detection ratio: 0 / 43 Analysis date:

2012-09-24 03:46:16 UTC ( 0 minutes ago ) File name: template.exe File type: Win32 EXE Detection ratio: 0 / 26 Analysis date: 2012-09-24 03:52:09 UTC ( 0 minutes ago )

Both ran clean on virustotal as well.

[Skipperl]

I am fixing this right now.

Wow, that's fast, thanks

[Skipperl]

Developer log with attached zip file

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.24.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Skip :: SKIP-PC [administrator]

9/23/2012 11:22:35 PM

mbam-log-2012-09-24 (00-02-52).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325294

Time elapsed: 36 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{4C6E12E5-5905-4aa5-B462-E7DFC4BD75E5}\LSDriveDetect.exe (Spyware.Password) -> No action taken. [faf78be17de023138692bc0937c96f91]

C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) -> No action taken. [549d6804174669cd7f99b70e7f81d22e]

(end)

mbam-log-2012-09-24 (00-02-52).zip

[nosirrah]

Update and check again, this should be fixed.

[Skipperl]

I am fixing this right now.

It's fixed,

Thank you

[nosirrah]

Thanks for confirming and I am sorry for the inconvenience.

[lcarthan]

I found C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe (Spyware.Password) one of my computers as well and changed all of my passwords which took close to two hours. I've found the same thing on my other computer and want to make sure it's a bug otherwise I'm going to have to change all my passwords again.

[nosirrah]

This was an error on our part and it has been corrected.

[lcarthan]

Thank you, I've used your product for many years without a mistake so I have no problem overlooking this incident and will continue to support you guys as there was a couple times where your software was the only thing that saved my computer.

[sipp]

When you say your updating it, you mean just the definitions? or will there be a new "version" of the software. I got a handful of these 'password' things today....