Need help determining whether scan picked up a threat or a false positive


So I just updated Malwarebytes to have Database version: v2012.12.05.01, and ran a scan that produced four threats found on my PC. Here's the log, with the issues highlighted in red:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.05.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: MORBIDCOFFEE [administrator]

12/4/2012 8:22:35 PM

mbam-log-2012-12-04 (21-07-57).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 302449

Time elapsed: 19 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedFan (Trojan.Agent) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Program Files (x86)\SpeedFan\uninstall.exe (Trojan.Agent) -> No action taken.

C:\Users\Paul\AppData\Local\Temp\is1598539481\247017_Setup.DAT (Trojan.Agent) -> No action taken.

C:\Users\Paul\Downloads\installspeedfan447.exe (Trojan.Agent) -> No action taken.

(end)

The last time I ran a scan in Malwarebytes was yesterday, with no unwanted threats found. After today's scan, I'm also not given the option to quarantine these files. Microsoft Security Essentials also picks up nothing, and as far as I can tell I'm not having issues with my PC. Any help would be greatly appreciated.


  • 1 month later...

I'm in need of assistance again, and rather than clog up the forum with new threads I'll keep my issues to this thread. I ran another scan earlier today and didn't pick anything up, and an hour ago updated to Database version: v2013.01.28.01 and found 1 object. It seems a bit more serious than my last issue, but I'd still like to get some second opinions:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.28.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: MORBIDCOFFEE [administrator]

1/27/2013 10:14:07 PM

MBAM-log-2013-01-27 (23-28-16).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 366804

Time elapsed: 1 hour(s), 13 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Replace.exe (Spyware.Zbot.ED) -> No action taken.

(end)

A few questions:

1) How serious is this issue, or is it a false positive again with the latest update? I assume it's a bit more serious this time.

2) Is it safe to remove the selected issue through Malwarebytes without harming my PC?

3) If it's not safe to remove this issue, what can I do to remove it?

I'd appreciate it if I could get an answer ASAP. I'd rather not leave this issue on my computer overnight.


Hello, MorbidCoffee and Paula27: :)

It's possible that this may be a FP.

First, please be sure you have the latest MBAM database (currently v.2013.01.28.02, as I type this).

Then, in order to expedite the review by the MBAM devs/engineers, please follow the instructions in this sticky topic: READ BEFORE REPORTING A FALSE POSITIVE!.

Then please post the requested information in a new post in the FP section >>HERE<<.

HTH,

daledoc1


Hello daledoc1,

I tried to follow your instructions but when I typed mbam.exe/developer into the run box it says: Windows cannot find 'mbam.exe/developer'. Make sure you typed the name correctly and then try again. However, I did update to the latest database (v2013.01.28.07) and ran a regular full scan and it comes up clean so it appears that it was a FP that has been corrected in the new database. I'm not sure why I wasn't able to run the developer version though.

Paula


Hi, Paula27:

Hello daledoc1,

I tried to follow your instructions but when I typed mbam.exe/developer into the run box it says: Windows cannot find 'mbam.exe/developer'. Make sure you typed the name correctly and then try again.

That's because there needs to be a space before the slash -- mbam.exe /developer :)

(Color is added for emphasis.)

However, I did update to the latest database (v2013.01.28.07) and ran a regular full scan and it comes up clean so it appears that it was a FP that has been corrected in the new database.

Yep, it appears so.

I'm not sure why I wasn't able to run the developer version though.

See above.

Anyway, yep, it appears that it was a FP & it was fixed.

Thanks for reporting it.

Cheers,

daledoc1
