
FP - SkyDriveSetup.exe, Telemetry.dll?


lddaly


False positives?

 

Version: 2.01.6.1022
Malware Database: v2015.06.03.06
Rootkit Database: v2015.06.02.01

Files: 1
Trojan.Agent.RC, C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe, Quarantined, [d57d61559ded8da9828a9c8c9d699d63]

 

Another system received this file too:

Detection, 6/3/2015 4:22:17 PM, SYSTEM, xxxx, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\xxxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [064cd2e4b9d1bc7aaa62e246ac5a7789]


We have a 70-user license and we have now started to see the same on some of our machines. I think it is machines that have Office 2013. I think this is a false positive (I hope). Awaiting Malwarebytes to verify. The challenge is Malwarebytes detects, tries to remove, and reboots the computer over and over. It removes it, then I think Microsoft adds it back and the cycle continues. That is the challenge, hard for staff who have Office 2013 (if my theory is correct) to work. Malwarebytes - any thoughts?


Malwarebytes detected the same thing on my home computer, and I don't have Office installed. It appeared today for the first time. The only thing I can think is that it's a false positive, possibly related to the Windows 10 offer that everyone is seeing in the system tray.


Same issue here,

 

Will update to 2015.06.04.01 as suggested by MOD

...Thanks

 

 

This was the previous log (some personally identifiable info changed/overwritten):

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 04/06/2015 01:16:53, SYSTEM, comp, Scheduler, Rootkit Database, 2015.5.31.1, 2015.6.2.1,
Update, 04/06/2015 01:17:52, SYSTEM, comp, Scheduler, Malware Database, 2015.6.1.4, 2015.6.3.6,

Protection, 04/06/2015 01:17:54, SYSTEM, comp, Protection, Refresh, Starting,
Protection, 04/06/2015 01:17:54, SYSTEM, comp, Protection, Malicious Website Protection, Stopping,
Protection, 04/06/2015 01:17:57, SYSTEM, comp, Protection, Malicious Website Protection, Stopped,
Protection, 04/06/2015 01:20:30, SYSTEM, comp, Protection, Refresh, Success,
Protection, 04/06/2015 01:20:30, SYSTEM, comp, Protection, Malicious Website Protection, Starting,
Protection, 04/06/2015 01:20:35, SYSTEM, comp, Protection, Malicious Website Protection, Started,

Detection, 04/06/2015 01:24:19, abcd, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:28:57, abcd, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:31:19, SYSTEM, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:31:56, SYSTEM, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:32:56, abcd, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:34:24, abcd, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\TELEMETRY.DLL, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:34:40, abcd, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\TELEMETRY.DLL, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]
Detection, 04/06/2015 01:34:44, abcd, comp, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\abcd\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [a8aaeaccf5956fc7e8240a1ee02601ff]

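A triage sketch for protection logs in the comma-separated layout shown in the post above, added here as an example and not written by any forum member or taken from Malwarebytes tooling. It groups `Detection` rows by hash and case-folded path, counts failed quarantines, and records which Malware Database version had most recently been logged as updated; the function names, the threshold and the sample host, user, path and hash are assumptions.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample in the layout of the log above. Host, user, path and
# hash are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
Update, 04/06/2015 01:17:52, SYSTEM, host1, Scheduler, Malware Database, 2015.6.1.4, 2015.6.3.6,
Detection, 04/06/2015 01:24:19, user1, host1, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\user1\AppData\Local\Example\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [00000000000000000000000000000000]
Detection, 04/06/2015 01:28:57, user1, host1, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\user1\AppData\Local\Example\TELEMETRY.DLL, Quarantine Failed, 5, Access is denied.  , [00000000000000000000000000000000]
Detection, 04/06/2015 01:31:19, SYSTEM, host1, Protection, Malware Protection, File, Trojan.Agent.RC, C:\Users\user1\AppData\Local\Example\Telemetry.dll, Quarantine Failed, 5, Access is denied.  , [00000000000000000000000000000000]
"""

def summarize(log_text):
    """Group Detection rows by (hash, lower-cased path).

    Assumes no field contains a comma (true for the rows shown above).
    """
    db_version = None  # newest Malware Database version logged so far
    groups = defaultdict(
        lambda: {"count": 0, "failed": 0, "users": set(), "db": set()})
    for row in csv.reader(StringIO(log_text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if len(row) >= 8 and row[0] == "Update" and row[5] == "Malware Database":
            db_version = row[7]  # field 6 is the old version, field 7 the new
        elif len(row) >= 13 and row[0] == "Detection":
            # Windows paths are case-insensitive: Telemetry.dll == TELEMETRY.DLL
            group = groups[(row[12].strip("[]"), row[8].lower())]
            group["count"] += 1
            group["failed"] += row[9] == "Quarantine Failed"
            group["users"].add(row[2])
            group["db"].add(db_version)
    return dict(groups)

def quarantine_loops(groups, threshold=3):
    """Keys of files whose quarantine failed at least `threshold` times."""
    return sorted(k for k, g in groups.items() if g["failed"] >= threshold)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key in quarantine_loops(summary):
        g = summary[key]
        print(key[1], "hash", key[0], "failed", g["failed"],
              "times under database", sorted(g["db"]))
```

A file that keeps failing quarantine under a single database version is the pattern to re-check once newer definitions have been loaded.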

  • Staff

If you are still having the same issue with detection even after updating Homeboy, you will need to shut down & restart MBAM (in the systray) or reboot the machine.

This will load the new defs & the above should no longer be detected.

And.. in case something was quarantined & you need to restore it, instructions are here:
https://forums.malwarebytes.org/index.php?/topic/3228-please-read-before-reporting-a-false-positive/
