
Inno Setup XDELTA Patch Maker - Trojan.Kovter False Positive


rufaceh


So, there's this awesome free binary patch maker called Inno Setup XDELTA Patch Maker (ISXDPM) that I'm pretty sure is clean, considering it's hosted on Softpedia and there isn't any trace of Kovter after using this tool or patches made with it, but nevertheless any patch produced with it and even the tool itself are being detected by MBAM as Trojan.Kovter. Log file and patch example attached. Here's a link to this program: http://www.softpedia.com/get/Programming/Patchers/Inno-Setup-XDELTA-Patch-Maker.shtml MBAM detects it as soon as the tool or a patch is started.

ISXDPM.patch.example.and.log.part1.rar

ISXDPM.patch.example.and.log.part2.rar


Hi and welcome to the forums,

I need a little more information here as I'm unable to reproduce the detection with our most recent database. This was reported to us and fixed a few days ago as far as I know. But just to make sure, please update your database. If the program is still being detected, attach the "wintb.dll" file that's in quarantine. A guide on how to restore files from quarantine can be found here.

Quote

Detection, 29.05.2016 04:52, SYSTEM, AN7H_PC, Protection, Malware Protection, File, Trojan.Kovter.Generic, C:\Users\An7ithe0s\AppData\Local\Temp\is-SH0AL.tmp\wintb.dll, Quarantine, [377a25b4e9b0999dc305577db05159a7]
Detection, 29.05.2016 04:52, SYSTEM, AN7H_PC, Protection, Malware Protection, File, Trojan.Kovter.Generic, C:\Users\An7ithe0s\AppData\Local\Temp\is-ELC9A.tmp\wintb.dll, Quarantine, [5160d9009ffae74f5e6a32a236cb18e8]

Either one of those that I quoted above should work if they still exist.

Thanks


Thanks for attaching the file, we've come across this one before and it's already on our whitelist. If there's still an issue after you've reinstalled the program, I'd recommend uninstalling the Inno Setup XDELTA Patch Maker program once again, and then deleting all existing MBAM logs by going to History -> Application Logs -> Delete All. Once you've done that, try reinstalling the program. Let me know how it goes and if you need any additional assistance.

Regards


@thisisu
No, I meant reinstalling MBAM. ISXDPM is distributed in a regular archive. It doesn't have an installer. Either way, reinstalling MBAM fixed this issue. My guess is something happened with my database and a clean install fixed this issue. I did delete MBAM with Revo Uninstaller Pro, though, to completely delete everything, including registry keys and stuff. I suppose it wasn't necessary to do it that way, but I'm just used to doing it like that already, so whatever.

Anyway, thanks for the support. Love your product, guys! Peace out!
