SKIBA Posted March 9, 2015 ID:946144

I wanted to report to you that these files (txt entry) are safe, and to ask you to except them in future updates. The program considers these files to be rootkits, but these are the original files from Microsoft. Even if I add an entry for the program to ignore, it still detects them and shows me a false alarm at the end of the scan.

false rotkit detection.txt

Staff miekiemoes Posted March 9, 2015 ID:946149

If the scanner sees a legitimate file as "Unknown.Rootkit.Driver", then this means there's probably indeed a rootkit present (as we have seen with certain 0access variants) where the files are "forged" by the rootkit. Meaning, reads through WinAPI differ from the contents read through low-level disk access. In such cases, Malwarebytes fixes this and restores this with a "clean" one.

It doesn't always mean that you were indeed dealing with a rootkit. We've seen some other cases as well causing files to be forged (by some legitimate software) or by a DDA driver failure.

Since this was detected with the rootkit engine, you might want to discuss this in the mbar forum.

https://forums.malwarebytes.org/index.php?/forum/116-malwarebytes-anti-rootkit-beta-help/

SKIBA Posted March 9, 2015 Author ID:946166

And could this be the fault of some additional software, for example Rollback Rx PC, because I have it installed?

Staff miekiemoes Posted March 9, 2015 ID:946167

Hi,

Yes, Rollback Rx PC causes this often as well. For example, when new software or Windows updates are installed and there are drivers involved, Rollback might forge these.

What helps in most cases here is to uninstall Rollback Rx, reboot and reinstall it again. That should normally solve the problem of it forging newly installed or updated drivers.