Synaptic files false positives


jholland1964

Have noted all posts concerning false positives with Synaptic drivers. Am helping a friend who had the same thing happen to him.

His problem, though, is that all files were deleted from Quarantine.

Here are the ones he found. The Synaptic files can likely be reinstalled with his driver disk, though he isn't pleased, of course. But am wondering now about the others found.

 

C:\ProgramData\NTUSER.dat (Trojan.Trace) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\GDIPFONTCACHEV1.DAT (Trojan.Trace) -> Quarantined and deleted successfully.

 

Would these likely also have been false positives?

Here are the files originally removed:

C:\Program Files\Synaptics\SynTP\SynZMetr.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\SWTOOLS\DRIVERS\UNAV\WinWDF\x64\SynZMetr.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\SWTOOLS\DRIVERS\UNAV\WinWDF\x86\SynZMetr.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
c:\windows\system32\driverstore\filerepository\synpd.inf_amd64_neutral_a38b1d6dbd0e8560\synzmetr.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
c:\windows\system32\driverstore\filerepository\synpd.inf_amd64_neutral_c69fb04248ebe31e\synzmetr.exe (Trojan.Dorkbot.ED) -> Quarantined and deleted successfully.
C:\ProgramData\NTUSER.dat (Trojan.Trace) -> Quarantined and deleted successfully.
C:\Users\Daniel\AppData\Roaming\GDIPFONTCACHEV1.DAT (Trojan.Trace) -> Quarantined and deleted successfully.

 

 

He attempted to restore all files, but the bottom two files that I have bolded could not be restored.

 

Here is his new log from the scan done after the restore of the 5 quarantined files that would allow a restore:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Daniel :: DANIEL-THINK [administrator]

12/20/2013 12:12:35 AM
mbam-log-2013-12-20 (00-12-35).txt

Scan type: Full scan (C:\|Q:\|R:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462616
Time elapsed: 1 hour(s), 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
