Hi Malwarebytes,

 

Your scanner reports some false positives in our sample programs and in a Microsoft Visual Studio .Net 2003 sample:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.17.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
 
17/02/2014 14:46:38
MBAM-log-2014-02-18 (09-08-14).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1242654
Time elapsed: 4 hour(s), 34 minute(s), 39 second(s)
 
Memory Processes Detected: 1
C:\132ws\a3smine\service.exe (Trojan.MSIL) -> 2324 -> No action taken. [4ff79944cfab8caa46814b83f0107e82]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\MyAplService (Trojan.MSIL) -> No action taken. [4ff79944cfab8caa46814b83f0107e82]
HKLM\SYSTEM\CurrentControlSet\Services\A3S_Kai (Trojan.MSIL) -> No action taken. [b393904d5723e1550dbaede120e0e31d]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 16
C:\132ws\a3smine\service.exe (Trojan.MSIL) -> No action taken. [4ff79944cfab8caa46814b83f0107e82]
E:\cust\kaia3s\Kai\A3S_Kai.exe (Trojan.MSIL) -> No action taken. [b393904d5723e1550dbaede120e0e31d]
C:\cust\a3s\Unicode_13.0_12170.zip (Trojan.MSIL) -> No action taken. [88bea7369cde83b3cef98e40718f8e72]
C:\cust\a3s\Unicode_13.0_12170\service.exe (Trojan.MSIL) -> No action taken. [47ff914c3347df57ddea6668768a926e]
C:\data\downloads\aMSN-0.98.9-tcl85-windows-installer.exe (PUP.Optional.OpenCandy) -> No action taken. [3214637acbaffe38951c6bd4bf45bb45]
C:\objects\13.2_dss_svn\obj\misc\samples\aplclasses\win\32\Classic\winapi\dev\dbg\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [3e080ecf7dfdf44265d20d5744bd24dc]
C:\objects\13.2_dss_svn\obj\misc\samples\asp.net\golf\csharp\win\32\Classic\winapi\dev\dbg\starting.exe (Trojan.MSIL.Gen) -> No action taken. [f94da33a03777eb842f5c59f9d64e818]
C:\Program Files\Dyalog\Dyalog APL-64 14.0 Unicode\Samples\asp.net\golf\csharp\starting.exe (Trojan.MSIL.Gen) -> No action taken. [093d518c9bdfcf67e84f5410ca37f20e]
C:\Program Files (x86)\Dyalog\Dyalog APL 13.0 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [440202dbe89286b0fa3d8ed648b99d63]
C:\Program Files (x86)\Dyalog\Dyalog APL 13.2 Classic\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [d571617ca7d388ae1c1b511304fd8d73]
C:\Program Files (x86)\Dyalog\Dyalog APL 13.2 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [23230fce9fdb290d92a5b6ae748d3ec2]
C:\Program Files (x86)\Dyalog\Dyalog APL 13.2 Unicode\Samples\aplclasses\orig\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [e165e9f4d6a47cba3cfb23419b66aa56]
C:\Program Files (x86)\Dyalog\Dyalog APL 14.0 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [fb4b9449e991cd691a1dfc6839c87789]
C:\Program Files (x86)\Dyalog\Dyalog APL 14.0 Unicode\Samples\asp.net\golf\csharp\starting.exe (Trojan.MSIL.Gen) -> No action taken. [62e404d9fe7c102671c6f66e48b9fb05]
C:\Program Files (x86)\Dyalog\zzzDyalog APL 13.0 Unicode\Samples\aplclasses\aplfns2a.exe (Trojan.MSIL.Gen) -> No action taken. [420405d87ffb5ed896a197cd738e08f8]
C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\SDK\v1.1\QuickStart\howto\samples\xml\xmlnamespace\cp\XmlNameSpace.exe (Adware.StatBlaster) -> No action taken. [34128d50accea294f0eab5ffc43fbc44]
 
(end)
 
Regards,
 
Vince

  • Staff

Hi Vince,

 

Most are a generic detection here, but for this, in order to fix this, please zip and attach the following samples:

 

C:\132ws\a3smine\service.exe

E:\cust\kaia3s\Kai\A3S_Kai.exe

C:\Program Files (x86)\Dyalog\Dyalog APL 13.0 Unicode\Samples\aplclasses\aplfns2a.exe

C:\objects\13.2_dss_svn\obj\misc\samples\asp.net\golf\csharp\win\32\Classic\winapi\dev\dbg\starting.exe

C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\SDK\v1.1\QuickStart\howto\samples\xml\xmlnamespace\cp\XmlNameSpace.exe

 

This is so they can be reviewed and detection adjusted.

 

 

Extra note, C:\data\downloads\aMSN-0.98.9-tcl85-windows-installer.exe <== this is no false positive. We detect here as PUP.Optional.OpenCandy (PUP=Potential Unwanted Program) since it uses the OpenCandy advertising module. PUP detections aren't prechecked by default for removal, so it's up to the user whether they want to remove it or not.


Hi Mieke,

 

Thanks for your very quick analysis and fix.  You might like to update your program's help file as well, as it says 

  1. Contact us at www.malwarebytes.org/support and be sure to include a copy of this developer's log. It is crucial that we receive this log in order to analyze and resolve the issue quickly

I did that, but I was then directed to post in these forums...

 

Regards,

 

Vince
