KIS WARNING- MBAM FILES?


The answer would be the same as that given for the similar topics in Bleeping Computer and DSLReports.com.
 
Checking the digital signatures of the files will help to provide the answer you seek.
 
The precise content of the files in question may not be the same as those referenced on the Internet in the provided URL. Please consider uploading to VirusTotal and/or, if not detected by Malwarebytes Anti-Malware, the Malwarebytes Research Center in this forum at https://forums.malwarebytes.org/index.php?/forum/51-newest-malware-threats/.

If samples are uploaded to VirusTotal, please update this topic with the URL of its results.
 
If you believe the computer is infected, I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.
 
If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.
 
If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste (not attach) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not tick, nor untick, any pre-configured FRST categories.
 

Thank you.

Link to post

Hi:
 
No such detection by KIS of MBAM files here, even with the new version of MBAM (however, I do not have Self-Protection enabled).
And nothing like that in many years of running both MBAM and KIS.
 
Is this the same report that was made for the same issue at bleepingcomputer by any chance: http://www.bleepingcomputer.com/forums/t/581850/kis-mbam-pro-false-positive/
(IOW are you the same OP in both places?)
 
As of the moment, there are no such reports over at the Kaspersky user forum (at least in the English language section).
 
While it's helpful to post about this here at the MBAM forum for Malwarebytes staff, ultimately it may be more expedient to report the issue to the folks at Kaspersky, especially if you think KIS may be detecting the MBAM files in error (a so-called "False Positive").
There is an active user forum here: http://forum.kaspersky.com/index.php?showforum=4
But the best (most efficient) way to report what might be "False Positive" detections by KIS would probably be via logging a ticket with support here: https://my.kaspersky.com/
 
In the interim, to further assist the MBAM staff here, it would help them to know a bit more about your system.
I suggest that you might want to please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Otherwise, as 1PW suggested, you might want to submit the files to VT for analysis and/or proceed with having the system checked for possible malware.

 

Cheers,

Link to post

  • Staff

These are not mbam files directly but created by our rootkit portion to do a file compare to see if the file is forged.

 

It should be a compare of this file: C:\windows\system32\drivers\ttnfd.sys

 

Would be a good idea to add this folder to exclusions in Kaspersky to prevent this from happening. 

Link to post
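
One way to carry out the signature check suggested in the first reply and to compare a flagged file with the driver named in the staff reply, as an added example that is not part of any post in this thread. The `$Flagged` path is a placeholder to be replaced with the path shown in the KIS alert, and `Get-FileTrustSummary` is a hypothetical helper name.

```powershell
# Added example, not from the thread.
# $Flagged is a placeholder: set it to the file path shown in the KIS alert.
# $Original is the driver path given in the staff reply.
$Flagged  = 'C:\PLACEHOLDER\path-from-KIS-alert'
$Original = 'C:\windows\system32\drivers\ttnfd.sys'

function Get-FileTrustSummary {
    param([Parameter(Mandatory)][string]$Path)

    # The file may already have been quarantined or deleted by the AV product.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $Path; Exists = $false; SHA256 = $null
            SignatureStatus = $null; Signer = $null
        }
    }

    # Status is 'Valid' only when the signature verifies and chains to a
    # trusted root; 'NotSigned' and 'HashMismatch' both need a closer look.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
    }
}

$flaggedInfo  = Get-FileTrustSummary -Path $Flagged
$originalInfo = Get-FileTrustSummary -Path $Original
$flaggedInfo, $originalInfo | Format-List

if ($flaggedInfo.Exists -and $originalInfo.Exists) {
    if ($flaggedInfo.SHA256 -eq $originalInfo.SHA256) {
        'Flagged file has the same contents as the installed driver.'
    } else {
        'Contents differ: review signer and status, and submit the file for analysis.'
    }
}
```

Run it from an elevated PowerShell prompt, since reading files under the drivers folder or a security product's working folder can require administrator rights.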

Yeah, yeah... they are all my posts   *blushes*.. Was in a bit of a panic. Just checked...didn't have MBAM self protection enabled.

 

Will Check out Kaspersky forum  (might as well, posted on all the others......I believe I should take note of my name & chill a bit).

 

When I tried to upload file to Virus Total I was denied access as not being admin even though I am logged as admin...

 

Attached the 3 files.  Thanks for the guidance.

 

FRST.txt

Addition.txt

CheckResults.txt

Link to post

Hi, chillbill:

 

We would like very much to assist you further.

However, your logs show evidence that the computer is being used to actively pirate Microsoft software.

 

That violates the forum piracy policy.

 

As such, no further assistance can be provided at this time, until the illegal software has been uninstalled and/or replaced with properly licensed software.

 

Thank you very much for your understanding,

Link to post

Excuse my 'noviceness', but shadowwar, are you saying they are safe files that should be kept and put on the KIS exclusion list?

I had KIS remove 1 already before I thought better and wait for scan results.....Any damage done?

Enable self-protection with early start?

 

Again, thanks for your assistance and patience.

Link to post

Your Windows OS, MS Office or other licensed MS software.

 

OTOH, if this is a work computer, then it is a violation of the MBAM EULA to use the Consumer version 2.1.8 of the program on a business or work computer.

 

Either way, this will need to be sorted out by Malwarebytes forum staff.

Please try to be patient, as it is a 3-day holiday weekend in the US, where most staff members are based.

 

Thank you,

Link to post

Ok. Thanks.

Called Office manager at home. Indeed it was MS Office. I just uninstalled it and replaced it with WPS Office.

I will rescan and attach files and wait for reply when staff returns....

 

Still wondering though - did shadowwar say that the files are safe and should be kept and put on the KIS exclusion list?

I had KIS remove 1 already before I thought better and wait for scan results.....Any damage done?

Should I enable self-protection with early start?

 

Apologies for the turmoil and thanks for the guidance.

 

FRST.txt

Addition.txt

CheckResults.txt
