bha19

newsid

I installed Sysinternals a year ago or so, it seems; that is the date my computer is telling me. Today, for the first time, my Malwarebytes Pro scan says newsid.exe is a trojan agent. Should I remove it?


Hi bha19,

Please zip and attach the MBAM log showing the detection and also zip and attach the file in a reply.

I can verify from there. Thanks in advance.


I use WSCC - Windows System Control Center - to access all of Sysinternals tools as well as all of Nir Sofer's NirSoft tools. MBAM has *always* found exception with numerous tools provided by both sites, and I always have to add an exception for the folders where the tools from each website reside on my drive as well as in my PortableApps version of WSCC.

If you'd like, I can remove the exclusions, let MBAM scan the files, and then send each of the ones that triggers a response in MBAM.


Then it depends. If they are PUP NirSoft or the like, then they are being detected correctly. If they are detected as trojan or the like, then I would love to see them.


Came in this morning to find hundreds of infections. newsid.exe. Second large false positive we've had from MBAM. Fortunately this is only in the setup directory and not business imperative like the last one. Might want a bigger bed of testing before you send out updates.


Yesterday's signatures (v2014.03.17.06 dated 3/17/2014 12:11:30pm) also led to the false positive for the Microsoft/SysInternals newsid.exe (dated 8/4/2009, 228152 bytes) on my machine. I will re-test with v2014.03.18.06 and let you know either way.


newsid.exe is still marked as being Worm.Autorun using v2014.03.18.06 signatures. (However, there are other false positives -- within Samsung printer drivers -- that are no longer appearing.)


Thank you; I've tested with the latest and it is no longer being reported as infected. (I would have attached a .zip to an earlier report except that the file has been checked before and is unchanged for years.)


The previous one was a different version of newsid; that's why this one slipped by. Both versions are on the filtering server now.


I got the false positive of file newsid.exe

https://www.virustotal.com/en/file/c2f4591f7e9598ceb47cbce280180b3e104f70509dce7d1e90ca758f69d79ddd/analysis/

sha256 = c2f4591f7e9598ceb47cbce280180b3e104f70509dce7d1e90ca758f69d79ddd

sha1 = 4c64df34ef8f8faa757e1d4482486453d7425752

md5 = 73e708d1126e7af86a4ef820c24d80e4

VirusTotal reports it as Malwarebytes being the only virus program that reports it being bad.

I unquarantined & updated Malwarebytes to v2014.03.18.10 and re-scanned. No malicious items were detected this time. Thanks for fixing this false positive.
