
False pos Fake Driver?


Opalfruit


sorry it would be better if i just did this

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 6.0.6001 Service Pack 1

10/03/2009 19:21:08

mbam-log-2009-03-10 (19-20-49).txt

Scan type: Quick Scan

Objects scanned: 75369

Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Is it false or not? As I said, SAS doesn't detect it, but that could just be cos MBAM is better than SAS :D


I have the same problem.

Here's the log:

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 6.0.6001 Service Pack 1

2009-03-10 20:37:31

mbam-log-2009-03-10 (20-37-25).txt

Scan type: Quick Scan

Objects scanned: 53187

Time elapsed: 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [3857535134304144385864454836344564463436414247386152585253384661368683837079853

68079858380775270856152708387746870846156521942395245]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I got the same thing... definitely looks like a false positive, as I got rid of it and I couldn't connect to the internet after the reboot... thank god for quarantine! :D

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 5.1.2600 Service Pack 3

10/03/2009 7:39:10 PM

mbam-log-2009-03-10 (19-39-05).txt

Scan type: Quick Scan

Objects scanned: 78662

Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [3857535134304144385864454836344564463436414247386152585253384661368683837079853

68079858380775270856152708387746870846156521942395245]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I have the same concerns.

I ran a search for the file this flag references and only found the two (both v5.1.2600.0) apparently added by MS to the original WinXP installation CD back in 2001 (one in C:\WINDOWS\system32\dllcache\ws2ifsl.sys, the other in C:\WINDOWS\system32\drivers\ws2ifsl.sys). Neither of these appear to be fake drivers.

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 5.1.2600 Service Pack 3

3/10/2009 3:39:05 PM

MBAM 2009-03-10.txt

Scan type: Quick Scan

Objects scanned: 74552

Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [3857535134304144385864454836344564463436414247386152585253384661368683837079853

68079858380775270856152708387746870846156521942395245]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I noticed that my computer was acting strange & slow. It seemed to have great difficulty in clicking off browsers. I did an MBAM scan & it found a Fake Driver. I have this now in quarantine. My laptop seems to be working far better. Is this a false positive?

FAKE DRIVER HKEY_LOCAL_MACHINE\SYSTEM\C...22275

I have it in quarantine, so I suppose I can put it back with restore, but my computer seems a lot healthier now.


And same "problem" here too:

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 5.1.2600 Service Pack 3

10/03/2009 21:27:40

mbam-log-2009-03-10 (21-27-37).txt

Scan type: Quick Scan

Objects scanned: 76458

Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [3857535134304144385864454836344564463436414247386152585253384661368683837079853

68079858380775270856152708387746870846156521942395245]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Registry Keys Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [385753513430414438586445483634456446343641424738615258525338466136868383707985368079858380775270856152708387746870846156521942395245]

Hi all

Got the same problem on three of my PCs (a laptop running XP Home SP 3, another laptop running Vista Home Premium SP 1 and a desktop PC running XP SP 3) when I updated MBAM to database: 1832

SUPERAntiSpyware free and SpyBot Search and Destroy didn't catch any sign of infection.

I use Comodo Internet Security 3.8 (with no antivirus included and with no toolbar) and Avira PREMIUM 8.2.

I found this related article:

http://www.pandasecurity.com/enterprise/se...;idvirus=150198

I suppose Comodo IS 3.8 was flagged as malware; I think it is a false positive.

Regards


Just to add to the melee, here's my log;

Malwarebytes' Anti-Malware 1.34
Database version: 1832
Windows 6.0.6001 Service Pack 1
10/03/2009 21:40:59
mbam-log-2009-03-10 (21-40-57).txt
Scan type: Quick Scan
Objects scanned: 56416
Time elapsed: 3 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [385753513430414438586445483634456446343641424738615258525338466136868383707985368079858380775270856152708387746870846156521942395245]
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Here's my log file, because I got this detection too. Windows Defender (:D) doesn't find this but it does find a problem with my HOSTS file, which I too think is a FP.

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 6.0.6001 Service Pack 1

3/10/2009 4:39:43 PM

mbam-log-2009-03-10 (16-39-37).txt

Scan type: Quick Scan

Objects scanned: 58440

Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Windows Defender (:D) doesn't find this but it does find a problem with my HOSTS file, which I too think is a FP.

I had the same problem with Windows Defender. I'm sure it is a false positive.

Please update Windows Defender, I think MS fixed this issue :)

sorry for O.T


I have the same Fake.Driver detection on my system.

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 5.1.2600 Service Pack 3

3/10/2009 5:15:53 PM

mbam-log-2009-03-10 (17-15-49).txt

Scan type: Full Scan (C:\|E:\|F:\|)

Objects scanned: 401998

Time elapsed: 51 minute(s), 13 second(s)

[...]

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken.


I updated to latest MBAM and got the same result. I've been clean previously and the only change I've made to that system is install AVG Free 8.5.

I only have the Fake.Driver listed in the registry not in the %systemroot% - well at least on a quick scan.

The standard Microsoft system driver <System>\drivers\ws2ifsl.sys may be registered as a new service (if it is not already registered as a service) named "WS2IFSL", with a display name of "Windows Socket 2.0 Non-IFS Service Provider Support Environment" and a startup type of manual, creating registry entries under:

HKLM\SYSTEM\CurrentControlSet\Services\WS2IFSL\

This service should not be removed.

http://www.sophos.com/security/analyses/ad...l?_log_from=rss

Upper and lower case wouldn't make a difference in the registry, would it? Or is the registry like *nix and likes to differentiate between the cases?


i got this too, is this a false positive?

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 6.0.6001 Service Pack 1

11/03/2009 06:43:55 AM

mbam-log-2009-03-11 (06-43-38).txt

Scan type: Quick Scan

Objects scanned: 62434

Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I updated to latest MBAM and got the same result. I've been clean previously and the only change I've made to that system is install AVG Free 8.5.

I only have the Fake.Driver listed in the registry not in the %systemroot% - well at least on a quick scan.

http://www.sophos.com/security/analyses/ad...l?_log_from=rss

Upper and lower case wouldn't make a difference in the registry, would it? Or is the registry like *nix and likes to differentiate between the cases?

No, for the most part, Windows doesn't care about upper/lower case except for passwords. Registry path statements are followed regardless of case.


See, this is why I love Malwarebytes, false positives be damned.

In fact it is the false positives I love!

There is just nothing sweeter in the cyber world than a new copy of Windows running on a reformatted partition, and few softwares give as amply an opportunity to revel in that feeling as Malwarebytes, with its penchant for registry and Windows system file false positives!!

Keep up the good work duck!!


Here's my developer log. Do we remove it? Quarantine it?

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 5.1.2600 Service Pack 3

3/10/2009 5:45:02 PM

mbam-log-2009-03-10 (17-44-49).txt

Scan type: Quick Scan

Objects scanned: 65865

Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [3857535134304144385864454836344564463436414247386152585253384661368683837079853

68079858380775270856152708387746870846156521942395245]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I registered to post this VISTA HP. FAKE.DRIVER

Malwarebytes' Anti-Malware 1.34

Database version: 1832

Windows 6.0.6001 Service Pack 1

3/10/2009 8:59:25 PM

mbam-log-2009-03-10 (20-59-23).txt

Scan type: Quick Scan

Objects scanned: 55541

Time elapsed: 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken. [3857535134304144385864454836344564463436414247386152585253384661368683837079853

68079858380775270856152708387746870846156521942395245]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
