Jump to content

False Positive: Trojan.FakeMS.TT


candystand

Recommended Posts

Hi, so while doing a routine Malwarebytes Full Scan (with the lastest free version) using definition file v2013.06.15.07, I encountered an infection known as Trojan.FakeMSTT on the file "C:\Program Files (x86)\Common Files\microsoft shared\Help\msitss55.dll" Being unable to find any info on the nature of this Trojan (or the dll file for this matter), I decided to upload a copy of the aforementioned file to VirusTotal, and all scanners came back clean. This has led me to believe that Malwarebytes may have found a false positive. I have attached the log file from the scan and the affected file in a zip file for your convenience. Thanks for looking into this matter!

MBAM-log-2013-06-15 (23-01-21).txt

msitss55.zip

Link to post
Share on other sites

So what's going on? This post regarding the same thing:

http://forums.malwarebytes.org/index.php?showtopic=127823

has an administrator seeming to confirm that the report is correct, i.e. not a false positive.

I too have had Malwarebytes identify this trojan. So is it a false positive or not?

Can the moderators/administrators come to some agreement?

I'm not a member of the Research team. Whether I'm a moderator or administrator has nothing to do with it. If a member of the Research team says it's a false positive, then it is. When I responded to the above topic I wasn't aware that it was an FP.

By the way, it's entirely possible that not all of these detections are FPs. If it's the exact same file being detected, then yes, it is, but if it isn't the same file being detected, then it may not be.

Link to post
Share on other sites

has an administrator seeming to confirm that the report is correct, i.e. not a false positive.

I too have had Malwarebytes identify this trojan. So is it a false positive or not?

Can the moderators/administrators come to some agreement?

Hello, do you have the exact same file as candystand? The file in question has an MD5 checksum of '7713E5561FC02CE63C6E5D942AB9D927'.

Link to post
Share on other sites

Hi I just got a notification on the same exact file as candystand. msitss55.dll in the same file path location. Can someone confirm if it is a false positive? The 2 different threads here and referenced were a little confusing. I am asking specifically about the file in this thread. Thanks.

Link to post
Share on other sites

Hi I just got a notification on the same exact file as candystand. msitss55.dll in the same file path location. Can someone confirm if it is a false positive? The 2 different threads here and referenced were a little confusing. I am asking specifically about the file in this thread. Thanks.

Update and re-scan. If the file is no longer detected, then it was indeed a false positive.
Link to post
Share on other sites

So what's going on? This post regarding the same thing:

http://forums.malwarebytes.org/index.php?showtopic=127823

has an administrator seeming to confirm that the report is correct, i.e. not a false positive.

I too have had Malwarebytes identify this trojan. So is it a false positive or not?

Can the moderators/administrators come to some agreement?

I had the same thing happen too. I just deleted it since it was in my old.windows folder from when I had vista...

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.