
False positive windows DVD Maker trojan.FakeMS


jmachats


  • Root Admin

The location where it is stored is the issue.  Only the TrustedInstaller account has rights to replace the file there.

 

Try the DVD program out and scan for infection again and let me know if you continue to have any issues or errors.

 

If needed we may need to address replacing the one file manually but let me know.

 

Thanks

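As an added example (not code from the forum post or from Malwarebytes), a PowerShell check that reports the owner, signature status and SHA-256 of the two files named in the log, so a user can confirm they look like genuine Windows components before relying on a restore from quarantine. It assumes PowerShell 4 or later and that the files are present (restored or never deleted); the function name is hypothetical.

```powershell
# Added example: inspect a file flagged as Trojan.FakeMS before deciding it was a false positive.
# Paths below are the two reported in the thread's Malwarebytes log; adjust them to your own log.
$paths = @(
    'C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui',
    'C:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_102a16b698e56faf\DVDMaker.exe.mui'
)

function Test-WindowsComponentFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Still quarantined or deleted: nothing to inspect on disk.
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $owner = (Get-Acl -LiteralPath $Path).Owner
    $sig   = Get-AuthenticodeSignature -LiteralPath $Path
    $hash  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        # The winsxs copy is expected to be owned by 'NT SERVICE\TrustedInstaller',
        # matching the Root Admin's note that only that account can replace it.
        Owner     = $owner
        # 'Valid' when the signature checks out. Windows resource files (.mui) are
        # usually catalog-signed, so older PowerShell may report 'NotSigned' here
        # even for a genuine file; treat that as inconclusive, not as proof of tampering.
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Hash to compare against a known-good copy or a file-reputation lookup.
        Sha256    = $hash
    }
}

$paths | ForEach-Object { Test-WindowsComponentFile -Path $_ } | Format-List
```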

Can I ask two follow-up questions on this topic?

(Apologies in advance for not being very tech-savvy)

I have the exact same 'DVD Maker trojan.FakeMS' issue with a log file nearly identical to jmachats above. The 2 files were noted as quarantined and deleted successfully. I re-ran MB after removal and it now shows no malicious items detected.

ref - my mbam log:
"Files Detected: 2
C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Windows\winsxs\amd64_microsoft-windows-o..sc-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_102a16b698e56faf\DVDMaker.exe.mui (Trojan.FakeMS) -> Quarantined and deleted successfully."

My first question is, by false-positive, does that mean there was nothing wrong to begin with? My cpu usage started spiking continuously with no programs running - which is how I knew something was wrong in the first place. It happened three times in a row - about an hour after restarting and is now functioning normally after running MB.

My second question is, is this all that needs to be done? According to countless articles online including MB topics, they consistently recommend numerous detection/cleaning downloads with detailed steps that must be taken to ensure your system is free of a trojan.FakeMS infection... including a complete re-install of the OS in some cases because this infection is said to be brutal.

It would be great if I've already handled the problem (thanks to Malwarebytes) but after everything I've read about it, this just seems too easy and I am still concerned about security issues. Is there any reason at all to D/L & run ComboFix, AdwCleaner, a Junkware Removal Tool or a TDSSKiller to be sure no rootkits are involved?

Thank you for your help and for your indispensable program.


  • Root Admin

Yes, a "False Positive" means that some object was detected as an infection when in fact it was not an infection.  

 

No, if this is/was your only detection then you should be just fine.  If you do use this program and it's no longer working then you can elect to try a restore from the quarantine folder or try reinstalling the program. 

 

If you need further assistance please let us know.

 

Thanks


Thank you for your help. In your experience, do you have any knowledge on what would have caused the cpu spike(s) if there was never any infection, and once the files were deleted, the cpu spikes stopped? This is what doesn't make any sense to me and it still has me concerned about my computer's security.


  • Root Admin

Difficult to say without doing some scans of your system but you'd need to do so in another sub forum as we're now getting off topic for this discussion.

 

If you like we can have one of the Experts help you examine your system.   I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

I will go ahead and close this topic now, but if you want to, go ahead and follow the directions above, if for nothing else, for peace of mind.

 

Thanks
