Cheat Engine 6.2 (%install dir%\dbk64.sys == Rootkit.Necuts.GO)

[Gloserous]

Today MalwareBytes detected  the file dbk64.sys from a Cheat Engine 6.2 install as an Rootkit.Necuts.GO infection.

I can't upload the file due to not having permissions but here is the virus total of the file
https://www.virustotal.com/en/file/edc21b955b5697a42207879d87b7908728c0d2cf12a9e17ef3b4c6d8dccc0ed4/analysis/1394514743/

 

==========Here is a copy of the log==========

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Gloserous :: IMASHARKSMD [limited]

Protection: Enabled

3/11/2014 1:20:53 AM
MBAM-log-2014-03-11 (01-20-59).txt

Scan type: Custom scan (C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
Objects scanned: 1
Time elapsed:

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Cheat Engine 6.2\dbk64.sys (Rootkit.Necurs.GO) -> No action taken.

(end)
 

[Gloserous]

I just read https://forums.malwarebytes.org/index.php?showtopic=3228 and learned that I had to zip/rar the file.

Its attached below.

dbk64.sys.zip

[miekiemoes]

Hi,

 

This is a false positive indeed and will be fixed in next database update.

 

Thanks for reporting!