fp both.cmd


traveler12

We add new detection tech in each version along with different whitelisting techniques. That's why it's always important to update the program version also. An old version will ignore the newer tech in the databases.

I just updated to version 1.75.0.1300 and this result showed up:

BOTH.CMD (Trojan.Agent)

This little batch file has been sitting on my C drive for almost two months and never alerted before, I know who wrote it, and I confirmed that the contents haven’t changed at all. What detection technology are you using that calls a simple batch file a “Trojan Agent” as opposed to a “Potentially Unwanted Program?”

Then I conducted a full scan and this item mysteriously showed up:

WeeklyCalendar.zip (Backdoor.MSIL.PGen)

This archive is part of a distribution package for a Do It Yourself daily (printed) calendar, freely available on the web from the non-profit group at diyplanner.com, and the zip archive hasn’t been touched (or modified) since I saved it more than 2 years ago. Nothing malicious about the program, nor the author.

Another familiar program (but not familiar as “malware”) also showed up:

NETDDE2K.exe (Trojan.Agent)

This is part of the Daytimer Organizer 2000 package, for which I purchased a license years ago and still use. This program also hasn’t been modified since long before MBAM had been in existence.

Out of eight items flagged by MBAM for removal (more items than shown in this message), only one was legitimate malware (which I knew about before running MBAM). False positives appear to be getting worse, not better. How are you fixing these problems?


  • Staff

Can you show me a dev log please and also attach those files.

Instruction for dev log at this link

http://forums.malwarebytes.org/index.php?showtopic=3228

We recently added zip detection which will find more things in archives now.

Normally we do not detect bat files, so I am not sure what might be going on without the logs and the files.

Please attach these here in zip format and I will get them fixed and also added to the fp filtering server.

We have had a lot fewer false positives since the server has been online. The server mainly prevents operating system file false positives. As we add files from apps like this to it, it will get better and have less and less.
