Malwarebytes Anti-Rootkit FP? Hijack.Trojan.Siredef.C

[suicidalducky]

Wasn't sure where I could ask this question since this program is in the beta phase.

I decided to give the program a go today, and it turned up something in my registry. Wanted to make sure this is not a FP before I go deleting the entry.

the entry is in the HKCU\SOFTWARE\CLASSES\

Thanks!

[suicidalducky]

Er..no edit button. I'm guessing it might be false since MBAM didn't detect anything in the registry

[shadowwar]

This should not be a false positive and is safe to fix. Were they any detections earlier? Would help to see the full mbar log instead of a screenshot.

[suicidalducky]

Oh sorry. I'll do that when I get back home. I ran mbam before mbar but it did not detect anything. Nor did avast detect anything.Left mbam on full scan before I left

[suicidalducky]

The full scan of MBAM detected nothing (up to date, too).

I attached both the system log and scan log from MBAR. I'm hoping this is nothing but a FP, but I'll delete the key anyway.

mbar-log-2012-12-29 (20-38-27).txt

system-log.txt

[suicidalducky]

Forgot to add that nothing else was detected on my system, nor have I cleaned/removed anything prior to this detection; it was only this registry key. I thought it was kind of odd.

Well, I deleted the key with mbar, and now the key is back but with a legitimate string for shell32.dll, and mbar isn't detecting anything; Is this normal?

[suicidalducky]

Sorry for spamming more , but I did notice the key that was being detected as trojan in its data string had "No value set". and the subfolder of that key was MergedFolder...also with no value set. I don't recall anything else--is there a way to get or restore the information of the key I deleted with MBAR?

I think I need to take a chill pill and stop spazzing out sorry lol.

[shadowwar]

If They were blank values then nothing to worry about. MBAR puts a ll its quarantine items into mbam's quarantine so you can restore from there.