visage Posted October 8, 2016 ID:1065846 Share Posted October 8, 2016 My MB History has flagged C:/Windows/System32/drivers/nvlddmkm.sys as an Unknown Rootkit Driver, can anybody tell me as to whether this is actually a False Positive or not. Link to post Share on other sites More sharing options...
thisisu Posted October 8, 2016 ID:1065855 Share Posted October 8, 2016 Hello visage, We need more information about this potential false positive. Please read: Link to post Share on other sites More sharing options...
Staff miekiemoes Posted October 8, 2016 Staff ID:1065879 Share Posted October 8, 2016 Hi, If the scanner sees a legitimate file as "Unknown.Rootkit.Driver", then this means there's probably indeed a rootkit present (as we have seen with certain old 0access variants) where the files are "forged" by the rootkit. Meaning, reads through WinAPI differs from the contents readen through low-level disk access. In such cases, malwarebytes fixes this and restores this with a "clean" one. It doesn't always mean that you were indeed dealing with a rootkit. We've seen some other cases as well causing files to be forged (by some legitimate software - eg: Rollback Rx PC or Zemana) Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now