Jump to content

Trojan.Agent in COMMAND.COM - false positive?


viruskiller
 Share

Recommended Posts

Hello Malwarebytes,

I updated Anti-Malware to the latest database version (913042702) and ran a full scan today. Here's what I got after running the same scan in developer mode:


Files Infected:
C:\Windows\System32\COMMAND.COM (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C]

This never happened before. I'll be pleased if you guys could check this one whether it's a false positive or not.

I've zipped everything and attached it in this post. The zip file includes the following files:


COMMAND.COM -> the file reported as "infected"
COMMAND.md5 -> MD5 checksum of the file for verification
mbam-log-2013-04-27 (13-41-29).txt -> the detailed log of my scan in developer mode

Regards,

viruskiller

mbam-false-positive-2013-04-27.zip

Link to post
Share on other sites

Yes, I was still running 1.46 (2010), because it always let me update the database for some strange reason, thus I assumed it wasn't necessary to install a new version of the mere software itself.

Never mind. I have updated to your latest 1.75 and run a quickscan 15 minutes ago. And it did not detect the false positive. Sorry for the inconvience on my part.

Here's the log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.03.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

(computer name deleted due to privacy)

Protection: Disabled

03.05.2013 17:59:11

mbam-log-2013-05-03 (17-59-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258394

Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

As you can see I still use Windows Vista on my old PC. I guess it's about time for me to also update to Windows 7 or even Windows 8. :D

Link to post
Share on other sites

  • 2 weeks later...

Hello, Malwarebytes and viruskiller,

I, also, have had my COMMAND.COM flagged as having Trojan.Agent.

I, also, am running MBAM 1.46 with updated virus defs (913051804).

My COMMAND.COM is freshly expanded from a genuine MS XP Home CD.

Weirdly, right-clicking in Explorer and choosing scan with MBAM from the context menu says it's clean.

Start/Run mbam.exe /developer c:\windows\system32\command.com runs a quick scan which says it's clean.

Start/Run mbam.exe /developer runs a full scan which says

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 913051804

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/18/2013 9:50:01 AM

mbam-log-2013-05-18 (09-50-01).txt

Scan type: Full scan (C:\|)

Objects scanned: 340130

Time elapsed: 1 hour(s), 0 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

...

Files Infected:

C:\WINDOWS\system32\command.com (Trojan.Agent) -> No action taken. [27517B842938D5006908C61D87F3AB7C]

So, quick scan didn't flag it, full scan immediately afterward did. (The machine was disconnected from the net at the time.)

I'll try updating the MBAM engine as recommended. If I still have the issue, I'll add another post.

BTW, thanks, MBAM is excellent. I have recommended it to many friends.

Link to post
Share on other sites

  • Staff

Ok managed to fix this. This was do to the old version not filtering correctly a line in the database. It should no longer be detected.

Just to stress running an old version of the software severely limits detecting the newest threats. Most of them probably wont be detected. The engine itself is just as important as the database.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.