Is this a False Positive


  • Staff


If the scanner sees a legitimate file as "Unknown.Rootkit.Driver", then this means there's probably indeed a rootkit present (as we have seen with certain old 0access variants) where the files are "forged" by the rootkit. Meaning, reads through WinAPI differ from the contents read through low-level disk access. In such cases, Malwarebytes fixes this and restores it with a "clean" one.
It doesn't always mean that you were indeed dealing with a rootkit. We've seen some other cases as well causing files to be forged (by some legitimate software, e.g. Rollback Rx PC or Zemana).
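
The cross-view comparison described in the post above, as an added illustration that is not part of the original post and is not Malwarebytes' code. It assumes the two views of the file (bytes returned by the normal file API, and bytes recovered from the disk by a low-level read) have already been collected; the sample data, the 512-byte block size and all names are constructed for this example.

```python
import hashlib
from dataclasses import dataclass

SECTOR = 512  # comparison granularity (assumption for this example)

@dataclass
class CrossViewResult:
    api_sha256: str
    raw_sha256: str
    mismatched_ranges: list  # [(start_offset, end_offset_exclusive), ...]

    @property
    def forged(self):
        # True when the two read paths disagree about the file contents.
        return self.api_sha256 != self.raw_sha256

def cross_view_compare(api_bytes, raw_bytes, block=SECTOR):
    """Compare the same file as seen through two read paths."""
    ranges = []
    longest = max(len(api_bytes), len(raw_bytes))
    for off in range(0, longest, block):
        if api_bytes[off:off + block] != raw_bytes[off:off + block]:
            end = min(off + block, longest)
            # Merge with the previous range when the blocks are adjacent.
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)
            else:
                ranges.append((off, end))
    return CrossViewResult(
        hashlib.sha256(api_bytes).hexdigest(),
        hashlib.sha256(raw_bytes).hexdigest(),
        ranges,
    )

# Constructed sample data: a 4-sector file as stored on disk, and a filtered
# view in which sectors 1 and 2 were substituted somewhere in the I/O path.
ON_DISK = b"MZ" + b"\x90" * 510 + b"\xcc" * 1024 + b"\x00" * 512
VIA_API = ON_DISK[:512] + b"\x00" * 1024 + ON_DISK[1536:]

if __name__ == "__main__":
    r = cross_view_compare(VIA_API, ON_DISK)
    print("forged:", r.forged, "ranges:", r.mismatched_ranges)
    # A mismatch only shows that the views differ. As the post notes, rollback
    # or security software can cause this too, so it is a lead, not a verdict.
```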
