Jump to content

Recommended Posts

Hello everyone,

Today MBAM have detected that my notepad.exe is a fake trojan ms? I went to look at the file in the System32 folder and found out about some things.

The reason why i think it is a false positive is because when i open notepad.exe it runs normally (opens a blank notepad). Also looking the size of notepad.exe it is only 142kb which is the average file size of notepad.exe. If notepad.exe was a trojan then i would imagine the size of it should be very big.

On the other hand i could be wrong and notepad.exe isa trojan because when i looked at the Date Modified for notepad.exe it says "11/12/2012 10:12 AM" which isn't right because all of my other programs and files in the System32 folder has a date modified of the year 2006 (i'm using vista by the way).

So i wasn't sure if it is a false positive or not. So i'm here just to make sure if i was right or wrong.

I also have uploaded the MBAM scan log and the notepad.exe in a zip.

Thank you,

whoamomma.

notepad.exe.zip

Link to post
Share on other sites

What the...? The MBAM scan log once again didn't get uploaded? I'll just copy and paste the scan log and post it here...

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.11.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

student :: STUDENT-PC [administrator]

Protection: Enabled

11/12/2012 11:39:28 AM

mbam-log-2012-12-11 (12-12-02).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 278651

Time elapsed: 27 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\notepad.exe (Trojan.FakeMS) -> No action taken. [0a03815c332a241248119f43ff01b64a]

C:\Windows\System32\notepad.exe (Trojan.FakeMS) -> No action taken. [3ad3a4395d0057dff2671bc7e31d7789]

(end)

Link to post
Share on other sites

I'm having the same problem on my 32-bit Vista system. A MBAM PRO v. 1.65.1.1000 Quick Scan (database v2012.12.11.01) detected the Microsoft Notepad text editor (notepad.exe) today as a Trojan.FakeMS in the following two locations that look like a false positive.

C:\Windows\System32\notepad.exe (attached as notepad A.zip)

C:\Windows\notepad.exe (attached as notepad B.zip)

The zipped files, as well as the Quick Scan log file run in developers mode, are attached. Norton Internet Security 2013 v. 20.2.0.19 does not detect either notepad.exe file as a threat. I also submitted both files to VirusTotal (https://www.virustotal.com/) and MBAM is the only AV software flagging these files as possible malware.

mbam-log-2012-12-10 (19-58-51).txt

notepad A.zip

notepad B.zip

------------

MS Windows Vista Home Premium 32-bit SP2 * 2013 v. 20.2.0.19 * MBAM PRO v. 1.65.1.1000

HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

Link to post
Share on other sites

Problem solved on my 32-bit Vista machine. I re-ran Quick Scan with database v2012.12.11.12 today and notepad.exe is no longer flagged as Trojan.FakeMS.

------------

MS Windows Vista Home Premium 32-bit SP2 * 2013 v. 20.2.0.19 * MBAM PRO v. 1.65.1.1000

HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.