Trojan.Agent in COMMAND.COM - false positive?


viruskiller

Hello Malwarebytes,

I updated Anti-Malware to the latest database version (913042702) and ran a full scan today. Here's what I got after running the same scan in developer mode:


Files Infected:
C:\Windows\System32\COMMAND.COM (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C]

This never happened before. I'll be pleased if you guys could check this one whether it's a false positive or not.

I've zipped everything and attached it in this post. The zip file includes the following files:


COMMAND.COM -> the file reported as "infected"
COMMAND.md5 -> MD5 checksum of the file for verification
mbam-log-2013-04-27 (13-41-29).txt -> the detailed log of my scan in developer mode

Regards,

viruskiller

mbam-false-positive-2013-04-27.zip

Yes, I was still running 1.46 (2010), because it always let me update the database for some strange reason, thus I assumed it wasn't necessary to install a new version of the mere software itself.

Never mind. I have updated to your latest 1.75 and run a quickscan 15 minutes ago. And it did not detect the false positive. Sorry for the inconvenience on my part.

Here's the log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.03.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

(computer name deleted due to privacy)

Protection: Disabled

03.05.2013 17:59:11

mbam-log-2013-05-03 (17-59-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258394

Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

As you can see I still use Windows Vista on my old PC. I guess it's about time for me to also update to Windows 7 or even Windows 8. :D

  • 2 weeks later...

Hello, Malwarebytes and viruskiller,

I, also, have had my COMMAND.COM flagged as having Trojan.Agent.

I, also, am running MBAM 1.46 with updated virus defs (913051804).

My COMMAND.COM is freshly expanded from a genuine MS XP Home CD.

Weirdly, right-clicking in Explorer and choosing scan with MBAM from the context menu says it's clean.

Start/Run mbam.exe /developer c:\windows\system32\command.com runs a quick scan which says it's clean.

Start/Run mbam.exe /developer runs a full scan which says

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 913051804

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/18/2013 9:50:01 AM

mbam-log-2013-05-18 (09-50-01).txt

Scan type: Full scan (C:\|)

Objects scanned: 340130

Time elapsed: 1 hour(s), 0 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

...

Files Infected:

C:\WINDOWS\system32\command.com (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C]

So, quick scan didn't flag it, full scan immediately afterward did. (The machine was disconnected from the net at the time.)

I'll try updating the MBAM engine as recommended. If I still have the issue, I'll add another post.

BTW, thanks, MBAM is excellent. I have recommended it to many friends.

  • Staff

Ok managed to fix this. This was due to the old version not filtering correctly a line in the database. It should no longer be detected.

Just to stress, running an old version of the software severely limits detecting the newest threats. Most of them probably won't be detected. The engine itself is just as important as the database.

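An added example, not part of any post in this thread and not Malwarebytes code: a small Python triage helper that parses developer-mode detection lines like the two quoted above, groups them by the bracketed hash, and checks a local file against that hash before it is submitted as a suspected false positive. It assumes the bracketed 32-hex value is the file's MD5; the function names are made up for this example.

```python
import hashlib
import re
from collections import defaultdict

# Detection lines copied from the two logs quoted in this thread.
SAMPLE_LOG = r"""
C:\Windows\System32\COMMAND.COM (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C]
C:\WINDOWS\system32\command.com (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C]
"""

# path (detection name) -> action [optional 32-hex digest]
# The lazy path group lets paths that contain parentheses still parse.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\s*"
    r"(?:\[(?P<digest>[0-9A-Fa-f]{32})\])?\s*$"
)

def parse_detections(log_text):
    """Return one dict per detection line; summary and header lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["digest"] = d["digest"].lower() if d["digest"] else None
            found.append(d)
    return found

def group_by_digest(detections):
    """Map (digest, detection name) -> set of case-folded Windows paths."""
    groups = defaultdict(set)
    for d in detections:
        groups[(d["digest"], d["name"])].add(d["path"].lower())
    return dict(groups)

def file_md5(path, chunk_size=1 << 16):
    """MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()

def matches_logged_digest(path, detection):
    """True only if the file on disk is byte-identical to the one the log flagged."""
    return detection["digest"] is not None and file_md5(path) == detection["digest"]
```

Two reports that collapse into a single (digest, name) group describe the same file content, which is what both posters' logs show here.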
