Jump to content

False positive for Trojan.Kovter.Generic

SrITAssociate

By SrITAssociate
in File Detections

 Share

Recommended Posts

  • Staff
thisisu

thisisu

Posted
  • Staff
Posted
3 hours ago, SrITAssociate said:

The file is no longer getting quarantined, so I believe that you already fixed it some time ago. Maybe you just didn't know that you did it. Thank you anyway! :-)

You're right, this false detection was reported to us a couple of weeks ago and we were able to fix it then :)

Thanks for sending us the file though, it should no longer be accidentally detected from now on.

Regards

Link to post
Share on other sites
  • Staff
thisisu

thisisu

Posted
  • Staff
Posted
1 hour ago, SupremeMystique said:

I've gotten this detected just today. Are you sure it's a false positive. I read that it does click fraud( http://www.bleepingcomputer.com/virus-removal/remove-kovter-trojan). I quarantined it immediately. What do you think I should do? 

Are you sure you had the same file SrITAssociate reported to us as a false positive? If it's the same, you should be fine as it was indeed a false positive.

Show us your MBAM log so we can point you in the right direction. Here's a guide on how to obtain it: HERE

Link to post
Share on other sites
SupremeMystique

SupremeMystique

Posted
Posted
On 5/21/2016 at 2:54 PM, thisisu said:

Are you sure you had the same file SrITAssociate reported to us as a false positive? If it's the same, you should be fine as it was indeed a false positive.

Show us your MBAM log so we can point you in the right direction. Here's a guide on how to obtain it: HERE

I'm not sure about the first part of your question. Here's the log.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-05-21
Scan Time: 1:09 PM
Logfile: trojanlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.21.03
Rootkit Database: v2016.05.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: pahmadi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300512
Time Elapsed: 3 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Kovter.Generic, C:\Users\pahmadi\AppData\Local\Temp\is-9M3NN.tmp\wintb.dll, Quarantined, [a9de1ebab0e940f6720bb71d12efe41c], 

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
  • Staff
thisisu

thisisu

Posted
  • Staff
Posted

It does look like a false positive. Just to be sure, please attach the file as well.

How to restore a file from Quarantine:

If you suspect an object of being a false positive but it has already been quarantined, you may need to restore the object from quarantine in order to provide it to the Research team for analysis.

  • Open Malwarebytes Anti-Malware and access the Quarantine tab
  • Click once on the object you wish to restore in order to select it
  • Click on the Restore button and the object will be removed from quarantine and put back into its original location where it was first detected by Malwarebytes Anti-Malware

Then zip and attach it here for review.

Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept