
False positive for Trojan.Kovter.Generic


SrITAssociate

  • Staff
3 hours ago, SrITAssociate said:

The file is no longer getting quarantined, so I believe that you already fixed it some time ago. Maybe you just didn't know that you did it. Thank you anyway! :-)

You're right, this false detection was reported to us a couple of weeks ago and we were able to fix it then :)

Thanks for sending us the file though, it should no longer be accidentally detected from now on.

Regards


  • Staff
1 hour ago, SupremeMystique said:

I've gotten this detected just today. Are you sure it's a false positive? I read that it does click fraud (http://www.bleepingcomputer.com/virus-removal/remove-kovter-trojan). I quarantined it immediately. What do you think I should do?

Are you sure you had the same file SrITAssociate reported to us as a false positive? If it's the same, you should be fine as it was indeed a false positive.

Show us your MBAM log so we can point you in the right direction. Here's a guide on how to obtain it: HERE


On 5/21/2016 at 2:54 PM, thisisu said:

Are you sure you had the same file SrITAssociate reported to us as a false positive? If it's the same, you should be fine as it was indeed a false positive.

Show us your MBAM log so we can point you in the right direction. Here's a guide on how to obtain it: HERE

I'm not sure about the first part of your question. Here's the log.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-05-21
Scan Time: 1:09 PM
Logfile: trojanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.21.03
Rootkit Database: v2016.05.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: pahmadi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300512
Time Elapsed: 3 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Kovter.Generic, C:\Users\pahmadi\AppData\Local\Temp\is-9M3NN.tmp\wintb.dll, Quarantined, [a9de1ebab0e940f6720bb71d12efe41c], 

Physical Sectors: 0
(No malicious items detected)


(end)


  • Staff

It does look like a false positive. Just to be sure, please attach the file as well.

How to restore a file from Quarantine:

If you suspect an object of being a false positive but it has already been quarantined, you may need to restore the object from quarantine in order to provide it to the Research team for analysis.

  • Open Malwarebytes Anti-Malware and access the Quarantine tab
  • Click once on the object you wish to restore in order to select it
  • Click on the Restore button and the object will be removed from quarantine and put back into its original location where it was first detected by Malwarebytes Anti-Malware

Then zip and attach it here for review.

Thanks!


This topic is now closed to further replies.