Jump to content

Malwarebytes found 10 Trojans but are they false positives?


Ginga
 Share

Recommended Posts

I posted this on the wrong board, so I shall copy&paste my original post to here.

 

Malwarebytes Anti-Malware Home (Free) "version 2.2.0.1024" just found 10 Trojans on my system.

However, before running the MB scanner I ran Eset Nod 32 Antivirus 8 (latest version) and it didn't find any treats.

I scan my system everyday, sometimes multiple times a day, using both programs and since these treats are marked registry I'd rather not delete them until we can confirm if they're just false positives or actual Trojans. Please help.

 

Copy paste from the scan results:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19-10-2015
Scan Time: 15:43
Logfile: Malwarebytes resulsts text.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.19.02
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 444254
Time Elapsed: 1 hr, 2 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C0AA878E-97A5-44df-B7EF-2E732F7B2FEC}, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IMEPad.HWR.TCIME, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\IMEPad.HWR.TCIME7, , [19b521375e2dd5610509762120e1b14f],
Trojan.FakeMS, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C0AA878E-97A5-44DF-B7EF-2E732F7B2FEC}, , [19b521375e2dd5610509762120e1b14f],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.FakeMS, C:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b\IMTCCAC.dll, , [1ab469ef4c3f8da9e12d940302ff3ec2],
Trojan.FakeMS, C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_faff6acb5cd29b45\IMTCCAC.dll, , [9b33bc9c8b00dc5a0a0498ff2ad70af6],

Physical Sectors: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

As an additional request, can you zip and attach the following file to this thread?

 

C:\Windows\winsxs\amd64_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_571e064f15300c7b\IMTCCAC.dll

If you could please guide me through the exact steps to do this I would be most appreciative :)

 

Do I need to just copy the file and attach it to a zip folder?

Also could I send the file to you over a private message instead of this open board?

Link to post
Share on other sites

Hi,

 

It's OK already, we received the file from another source already :)

 

Ah okay. So hopefully that file was also just a harmless false positive then?

 

So should I just choose to ignore these 10 false positives and update Malwarebytes and do a new scan then?

My apologies for all the questions, I just want to make sure that no mistakes and misunderstandings are made :D

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.