Malawarebytes on wine1.4

[0x0B0B]

I am using Malwarebytes Anti-Malware 1.75.0.1300 on a new wine1.4 installation on Ubuntu, and  repeatedly find the following 3 files detected
c:\program files\foxitreader\bin\com7.exe (Trojan.Agent) -> No action taken.
c:\users\bob\local settings\temp\rar$ex7.src777\com7.exe (Trojan.Agent) -> No action taken.
c:\users\public\local settings\temp\rar$ex7.src777\com7.exe (Trojan.Agent) -> No action taken.
They still appear in the report after rebooting and running again.
- yet I cannot find them on the system (looking in Ubuntu and Wine):
sudo find / -name com7.exe -exec ls -la {} \;
sudo find / -name foxitreader -exec ls -la {} \;
find nothing.
Any one else get this?

[miekiemoes]

Hi,

 

This is rather a ghost detection than a false positive where some additional program interferes with malwarebytes' enumeration and causes misdetections.

What other apps do you have installed there? (security apps). Anything that uses a blocklist/whitelist of certain applications?

 

Edited to add.. also Com7 is a reserved filename in windows, so you basically cannot create a file with that name (in normal ciscumstances) - so I wonder if wine acts differently here on reserved filenames and causes this "mbam misread".

I rather believe this is the case here, so I'll look into this further to bypass.

Edited November 16, 2013 by miekiemoes

[0x0B0B]

Thanks for your response. The only other security app I have running is avast for linux - I'm not aware of any block/white list.  The guilty machine is down at the moment, but I'll check it out again and see what I find...