Jump to content

False Positive? Mozilla file "regxpcom.exe"


Doctor Olds

Recommended Posts

Log created by running in developer mode. using "mbam.exe /developer" as the run command.

+++++++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.34

Database version: 1824

Windows 5.1.2600 Service Pack 2

03-06-2009 8:44:45 AM

mbam-log-2009-03-06 (08-44-38).txt

Scan type: Full Scan (C:\|)

Objects scanned: 177692

Time elapsed: 1 hour(s), 32 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\mozilla.org\Mozilla\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken. [1768662620222517246922196723182421682369257122706721712269267021]

+++++++++++++++++++++++++++++++++++++++++++

That is a false positive result, correct?

Regards,

Doctor Olds

Link to post
Share on other sites

Doctor Olds, Windows SP3 has been available for almost 8 months now and has several Critical Security Updates.

In IE go to Tools then Windows Update then download and install the SP3 updates.

Go to Control Panel then Automatic Updates then select Automatic updates or as a minimum you should select Notify me about updates but do not download them.

On Tuesday which is Patch Tuesday there will be 1 Critical and 2 recommended updates.

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:

http://secunia.com/vulnerability_scanning/online

Link to post
Share on other sites

Doctor Olds, Windows SP3 has been available for almost 8 months now and has several Critical Security Updates.

Yes, and the *proper* way to install any OS update is to scan the machine thoroughly first to verify it is clean *before* you update the OS. Your suggestion does not address my question and SP3 does not update Mozilla software. Thanks.

Link to post
Share on other sites

Hi it looking quite possibly to be F/P so for now please add to ignore list while we review.

Is the md5= 0a935807d52b6174c6d8f5eb4f5d9e4 and is VirusTotal upload to passing it as 0/39 ?

Yes, the MD5 is indeed = 0ca935807d52b6174c6d8f5eb4f5d9e4 at VirusTotal.com and virusscan.jotti.org but conflicting results (see below)

+++++++++++++++++++++++++++++++++++++++

http://www.virustotal.com/analisis/3a8eafc...5e9ec6d5ff6632f

File regxpcom.exe received on 03.06.2009 17:05:14 (CET)

Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 2/38 (5.27%)

Comodo 1027 2009.03.05 Unclassified Malware

Panda 10.0.0.10 2009.03.05 Adware/FBrowsingAdvisor

+++++++++++++++++++++++++++++++++++++++

virusscan.jotti.org

Status: OK (Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)

+++++++++++++++++++++++++++++++++++++++

Link to post
Share on other sites

Well i'm going out on a limb knowing that your a very knowlegable user(c/o posts@DSLR forums) that you have not been downloading any ad bundled flashgames c/o P2P....

Also the fact that there are no other hits by MBAM etc would suggest it is very much an F/P and will be addressed in an update shortly.

Link to post
Share on other sites

  • 10 months later...

Sorry if tagging an old thread is against the rules, but as this was a past issue I thought to post here.

This system, and the log info:

Malwarebytes' Anti-Malware 1.31

Database version: 1593

Windows 5.1.2600 Service Pack 2

1/2/2009 12:15:51 PM

mbam-log-2009-01-02 (12-15-51).txt

Scan type: Full Scan (C:\|E:\|H:\|J:\|)

Objects scanned: 219655

Time elapsed: 8 hour(s), 14 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{BB55669B-8FD1-4068-B89E-8323469D4291}\RP30\A0012400.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.

J:\Memeo\My Documents\C_\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

I am assuming it is that "xpcom" that gets this file picked up as Trojan.FBrowsingAdvisor. Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.