
Unknown.Rootkit.Driver


TwinHeadedEagle


  • Staff

Hi,

 

This is no false positive - we are detecting correctly here, because this file is forged. Also see here for more explanation:

https://forums.malwarebytes.org/index.php?/topic/165846-false-rootkit-driver-detection/

This of course doesn't mean it's malware. It might be a legitimate program forging this file instead. RollBackRX does this; however, other programs with a similar Rollback feature could cause this as well.

So it's all a matter of having that program "allow" the changes to that recently updated usbd.sys file (so it's not forged anymore).

 

Edited to add - looking at that log, I don't see RollbackRXPC installed there, so my guess is that the Lenovo Instantreset feature is probably causing this, so disabling that service, a reboot, and re-enabling that service can solve this.

Additional note, as posted here: http://answers.informer.com/15160/disable-lenovo-instant-reset-use-the-windows-system-restore- do not uninstall the program, as it seems it will revert the PC back to factory settings, from what I read from that post. Disabling only should help.
