Possible False Positive


Popeye

Malwarebytes' Anti-Malware 1.37

Database version: 2247

Windows 5.1.2600 Service Pack 3

6/8/2009 12:12:43 PM

mbam-log-2009-06-08 (12-12-36).txt

Scan type: Full Scan (C:\|)

Objects scanned: 146062

Time elapsed: 1 hour(s), 6 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\$ntservicepackuninstall$\taskmgr.exe (Trojan.Downloader) -> No action taken. [41345241307168182317666870191868251825202423261967202026691920176969216770]


Hi,

This looks indeed like a false positive.

This will be fixed in the next update.

Thank you for the quick response. :P


Malwarebytes' Anti-Malware 1.37

Database version: 2248

Windows 5.1.2600 Service Pack 2

6/8/2009 11:58:23 AM

mbam-log-2009-06-08 (11-58-18).txt

Scan type: Full Scan (C:\|)

Objects scanned: 157767

Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\taskmgr.exe (Trojan.Downloader) -> No action taken. [41345241307168182317666870191868251825202423261967202026691920176969216770]

c:\WINDOWS\system32\dllcache\taskmgr.exe (Trojan.Downloader) -> No action taken. [41345241307168182317666870191868251825202423261967202026691920176969216770]

I get an error message when it is preparing to scan: SwissArmy failed to initialize, error code: 0

mbam.jpg

I don't get this error if I don't use the Run command (mbam.exe /developer)

I quarantined those files, but the task manager couldn't be used. I restored them and I was able to bring up the task manager.


  • Staff

This FP was caused because a backdoor dropped a file taskmger.exe (note the spelling) in the Windows\tasks folder. This appeared to be an older renamed version of the legit taskmgr.exe - so that caused the confusion which we resolved asap. Thanks for the feedback. :P
