
Possible False Positive - Trojan.Zbot Detection



A MBAM Premium v. 2.0.4.1028 (malware database v2015.03.15.03) full system Custom Scan detected a zipped file named ProgDataMgmt_PASW18_examples.zip today as Trojan.Zbot malware that I believe is a false positive.

This file was downloaded from http://www.spss.com/sites/dm-book/ (now http://www-01.ibm.com/software/analytics/spss/) in 2009 and contains sample data for an SPSS statistical software training tutorial. My previous MBAM full system Custom Scan on 23-Feb-2015 with malware database v2015.02.23.04 did not flag ProgDataMgmt_PASW18_examples.zip as malware. A VirusTotal scan today shows the SHA256 hash 8bf632c66bf2edbc02b480b7131dd83a4795f508e5d378b7b833a598ca0736c6 for this file has a 1/57 detection ratio (see analysis <here>) and MBAM is the only AV engine to flag this file as malware.

 

ProgDataMgmt_PASW18_examples.zip

MBAM Log FP Trojan_ZBot 15 Mar 2015.txt

 

-------------
32-bit Vista Home Premium SP2 * Firefox 36.0.1 * NIS 2014 v. 21.6.0.32 * MBAM Premium 2.0.4
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


Hi nosirrah:

Cheers.  I restored ProgDataMgmt_PASW18_examples.zip from quarantine and re-scanned with malware database v2015.03.16.03 today and the file is no longer being detected as malware.
