
Confused - MBam finds Trojan - KAV2012 does not



Hi,

New member - running pro version mbam v.1.65.1.1000

Scan tonight found the following: 8 trojan.agent items

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.05.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

12/5/2012 12:04:20 AM

mbam-log-2012-12-05 (02-53-32).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 509785

Time elapsed: 1 hour(s), 44 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations (Trojan.Agent) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 8

C:\Program Files (x86)\HP Photo Creations\uninst.exe (Trojan.Agent) -> No action taken.

C:\Program Files (x86)\Linkman\uninst-Linkman.exe (Trojan.Agent) -> No action taken.

C:\SwSetup\HPPC\HPPSG.exe (Trojan.Agent) -> No action taken.

C:\Users\Owner\AppData\Roaming\TechWizard\mediamanager.exe (Trojan.Agent) -> No action taken.

C:\Users\Owner\Desktop\Executables\DjVuLibre+DjView-3.5.24+4.7c-Setup.exe (Trojan.Agent) -> No action taken.

C:\Users\Owner\Documents\aaa_MCS\2012\HOUSE\LinkmanPro\lkmn832.exe (Trojan.Agent) -> No action taken.

C:\Users\Owner\Downloads\family_tree_builder_5634i.exe (Trojan.Agent) -> No action taken.

C:\Users\Owner\Downloads\lkmnl832.exe (Trojan.Agent) -> No action taken.

(end)

However, Kaspersky Anti-Virus 2012 has not found any issues in the ongoing scan - I'm running a full scan now.

I'm confused - how is it possible for MBam to find issues while KAV does not, or vice versa?

Regarding the above log, assuming I am truly infected - what is the remedy?

Thanks very much.

ps - I will check this tomorrow - leaving laptop on - but have to sleep now.


Hi and welcome MGower: :)

One of the MBAM staff or expert members would need to comment on your MBAM log.

To answer your question, however, different security products detect different types of malware and have different databases.

So, it's sometimes possible that a particular threat might be detected by one product and not the other.

Malware is always changing, new variants are always appearing, and security software engineers are always working 24/7/365 to keep up.

And, sometimes there are false positives.

It appears that you are a couple of databases behind (current version is v.2012.12.05.03). :)

First thing to try is to update your MBAM databases and rescan.

If you think these detections might be a False Positive, please follow the instructions in this sticky topic: READ BEFORE REPORTING A FALSE POSITIVE!

Then, please post with the requested info in the FP section: http://forums.malwar...hp?showforum=42

HTH,

daledoc1


I also received this error last night. Like you, the MBAM report finds no errors, yet a separate window with detection.

I've tried to include a screen shot but I'm not sure if you'll be able to view it or not.

I haven't had a chance to do much investigation yet. I'm wondering if this has already been determined a false positive.

J

https://docs.google.com/file/d/0B24xqbNYxuW0eEdlSl9ZWVhkU1U/edit


Thanks to all. I ran the full KAV scan overnight - no issues reported. This morning I updated the MBam db to most current (don't know why it doesn't do that automatically - I do have that set in my preferences...), and ran another mbam full scan - and came up clean.

So, I guess these were false positives?

Below is the (clean) log from today's full scan.

I don't think this was a "true" false positive, as it happened when my db's weren't current. Once they were current, it went away.

MBam staff? Am I correct - or should I be reporting this somewhere?

Thanks to all.

For the moment, I'm going to assume I'm "clean".

: )

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.05.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

Protection: Enabled

12/5/2012 12:16:31 PM

mbam-log-2012-12-05 (12-16-31).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 512551

Time elapsed: 1 hour(s), 39 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

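The update-and-rescan check discussed in this thread can be done mechanically by diffing two scan logs. The following is an added example, not part of the original posts and not Malwarebytes code; it assumes the plain-text log layout shown above, and `parse_log` and `compare` are hypothetical names.

```python
import re

DB_RE = re.compile(r"^Database version:\s*v([\d.]+)", re.M)
COUNT_RE = re.compile(r"^[A-Za-z ]+ Detected:\s*(\d+)", re.M)
# Detection line: "<object> (<signature name>) -> <action taken>."
HIT_RE = re.compile(r"^(.+?) \(([\w.\-/]+)\) -> (.+?)\.?$", re.M)

def parse_log(text):
    """Return database version, detections and a count consistency flag."""
    m = DB_RE.search(text)
    if not m:
        raise ValueError("no 'Database version:' line found")
    hits = {(obj, name) for obj, name, _ in HIT_RE.findall(text)}
    declared = sum(int(n) for n in COUNT_RE.findall(text))
    return {
        "db": tuple(int(p) for p in m.group(1).split(".")),
        "hits": hits,
        "complete": declared == len(hits),  # False: log truncated or parse gap
    }

def compare(older, newer):
    """Split the older scan's detections by what the newer scan says."""
    if newer["db"] <= older["db"]:
        raise ValueError("second scan does not use a newer database")
    return {
        "cleared": sorted(older["hits"] - newer["hits"]),
        "persisting": sorted(older["hits"] & newer["hits"]),
    }

# Abridged from the two logs in this thread (three of the nine detections kept).
FIRST = r"""Database version: v2012.12.05.01
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo Creations (Trojan.Agent) -> No action taken.
Files Detected: 2
C:\Program Files (x86)\HP Photo Creations\uninst.exe (Trojan.Agent) -> No action taken.
C:\Users\Owner\Downloads\lkmnl832.exe (Trojan.Agent) -> No action taken.
"""
SECOND = r"""Database version: v2012.12.05.07
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    result = compare(parse_log(FIRST), parse_log(SECOND))
    for obj, name in result["cleared"]:
        print(f"cleared after update: {name}  {obj}")
```

Entries under `cleared` are the ones a newer database no longer flags, which makes them candidates for a false-positive report; entries under `persisting` still need investigation.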
