"using the /developer command line"

[Lode]

Hi!

MBAM just flagged 3 items in my notebook:

"Rootkit.Agent" in C:\Windows\2876112.exe

"Rootkit.Agent" in C:\Windows\3224899.exe

"Rootkit.Agent" in C:\Windows\3528867.exe

I've not let MBAM remove them yet, and scanned with some other good anti-malware software (Emsisoft and Avira) which did not reported them as malware. So I wonder if they are false positives.

In the article "What are False Positives and how do I report them?" it says (among other things):

"3. Start Malwarebytes Anti-Malware using the /developer command line. This is a crucial step, as it will generate a developer's log where the false positive has occurred.

4. Contact us and be sure to include a copy of this developer's log. It is crucial that we receive this log in order to analyze and resolve the issue quickly."

http://helpdesk.malwarebytes.org/entries/20818101-What-are-False-Positives-and-how-do-I-report-them-

I've no idea about a "the /developer command line."

[raman]

Looking at the filenames and the folder they are in, it doesnßt sound like a false alarm. You may test the files at virustotal.com and post the links to the result.

About the developer mode, read this:

http://forums.malwarebytes.org/index.php?showtopic=3228

[miekiemoes]

Hi,

Please see here: http://forums.malwarebytes.org/index.php?showtopic=3228

Also, for the files detected, please zip them and attach the zip file to your next post.

[demid_id]

sorry me, bat why i don't load attach from this forum?

[Lode]

Thank you!

According to MBAM the files with rootkits would be removed after it asked me to reboot. Which I did of course. Scanning now it detects nothing suspicious.

I trust your judgment that most probably they were indeed infections. I'll watch the behavior of my laptop for the next few days. If I have problems -in case it was a fp- I can always use the system backup I made a few days ago. I had MBAM run a scan before I made the backup during which it detected nothing suspicious, so that backup is clean I assume.

Of course I could've used the backup instead of starting this thread, but wanting to be a good guy I thought of helping MBAM by reporting a possible fp. Not needed it looks like.

[Lode]

PS:

One thing I had noticed is that the temperature of my laptop was running some 20° C higher than normal before MBAM removed those files... I can see that it's back to normal using a little free program called SpeedFan. Right now it's back to fluctuating between 24° and 28° C, which is normal for my machine when not doing anything intensive.