
Not sure if this is a False Positive or not -- but the very mention of this particular Trojan has me jolting upright in my seat. This particular version of Abbyy FineReader was installed on this computer on November 11th 2014; since that time, a number of scheduled MBAM scans have been carried out and the all-clear given every time. This morning, however, the routine scan reported "Malicious items detected: 1":

 

Trojan.Carberp.ED in Program Files x86 ABBYY FineReader 5.0 Pro\ExtDictSaver.exe. 

 

Apologies for not being a rocket scientist where FPs are concerned, but I'm a bit lost as to why this alert message appeared when the actual scan log doesn't mention it at all:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/01/2015
Scan Time: 10:14:32
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.11.05
Rootkit Database: v2015.01.07.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User:  xxxxxxxxxxxxxxxxx

Scan Type: Threat Scan
Result:        Completed
Objects Scanned: 138
Time Elapsed: 0 min, 21 sec

Memory:     Disabled
Startup:       Disabled
Filesystem:  Enabled
Archives:     Enabled
Rootkits:     Disabled
Heuristics:  Enabled
PUP:            Enabled
PUM:          Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

 

Screenshot attached.

 


Thanks, shadowwar. My MBAM History shows two logs for this morning's activity, a scan log and a protection log. They're identical. The scan log is as quoted in my original post, but here are both as zip files -- hope it helps (as noted, I'm a bit bemused at experiencing a warning over a file threat when the log itself doesn't record such a threat. However, also as noted, I am distinctly inexpert in such matters.)

Mbam log file.zip

MBAM Protection log.zip


Thanks, shadowwar, for your help, and apologies for being a nuisance. Just a quick question: is there an explanation as to why an MBAM alert is flashed up in regard to a file threat but that alert isn't recorded in the scan log??? Or am I misunderstanding this?? (Wouldn't surprise me.)


If it was a protection module flash alert it would have to be in the protection log.   What u sent as a protection log was a normal threat scan log and not protection. . . .

a protection log would have this name format protection-log-2015-01-11.xml

 Hi Rich: thanks again for your input -- and sincere apologies from me for any inconvenience caused. Unfortunately . . .

 

Something really odd is happening with the Mbam software installed on this computer, as evidenced not only by my inability to find any record of a threat in the log files, but by the existence of two identical logs (which I uploaded), one of which *should* have been the daily protection log . . . but wasn't. (And yes: I did indeed double-check before I exported the log / protection files and zipped 'em.)

 

Further investigation now shows that although the threat discovered by MBam in this morning's 9.23am scan was recorded in the Quarantine Log (all times are UK time) the Daily Protection Log -- which is now functioning again, after what appears to have been the inexplicable duplication of data from one log to the other -- does not record the existence of any such scan. At all.

 

I am uploading two screenshots plus a re-run of the original alert:

 

* the original Threat Alert of 9.23am today, January 11th;

 

* The Quarantine Log, which shows that MBAM quarantined the threat at 9.23am today, January 11th;

 

* the newly functioning "Daily Protection Log", which unlike earlier this afternoon, no longer duplicates the scan log, but now reports MBAM activity as it happened . . . EXCEPT no mention is made of the 9.23am scan, or the resulting Threat Alert.

 

Instead: the Daily Protection Log reports that no scan was made until 10.05am today.

 

That simply isn't true.

 

In summary, therefore, I am now concerned about:

 

1) The mysterious duplication of the scan log such that it appeared as the daily protection log;

 

2) The omission from the scan log of any reference to a 9.23am scan and the identification of the Carberp.ED Trojan threat;

 

3) The resulting diagnostics obstruction -- because neither you nor I were able to view an accurate record of what happened;

 

4) The "restoration" of the daily protection log to the form it should have been in -- but without any mention in that log of either the 9.23am scan or the 9.23am threat identification.

 

Is something, somewhere, somehow exerting a malign influence over MBAM's performance?? Were it not for the evidence of the Quarantine log, I'd almost believe that this threat alert never occurred. . .

 

And yet it did.

 

Sorry to be a nuisance!


Rich: don't worry, no problem. I'll keep an eye out on how things go. MBAM is working fine and though I'm mystified as to what occurred today, it's not something I've time to deal with right now and certainly wouldn't dream of pestering support. I need to re-check everything because as like as not, it'll be my fault somewhere along the line. All best: Nooby.
