Jump to content

smartsvn 9.1.2 appdata false trojan.fileless


lcbrevard
 Share

Recommended Posts

I have SmartSVN Pro 9.1.2 #5050 on Windows 10 Pro. 

Last night Malwarebytes Anti-Malware Home (Premium) 2.2.1.1043 decided that 271 files and 51 folders in ... 

C:\Users\Laurence\AppData\Roaming\SmartSVN\ 

... have the Trojan.Fileless in them. 

That seems unlikely. 

I am assuming this is a false positive with Malwarebytes but I would like to know if anyone else is seeing something like this. 

I updated the database, exited MBAM, ran MBAM /DEVELOPER, and rescanned the ...\SmartSVN\ folder above.

I have attached the log file from that scan.

Since the entire SmartSVN folder was detected I created a two part (to stay under 30MB per file) .rar of everything in it.
 

20161023-Malwarebytes-claims-SmartSVN-trojan-developer.txt

SmartSVN.part2.rar

SmartSVN.part1.rar

Link to post
Share on other sites

G'day

I got into work today where we have MalwareBytes Anti-Malware Premium installed, and I've encountered the same as the topic starter here.

The MalwareBytes Anti-Malware has picked up that every single file and folder within the C:\Users\<name>\AppData\Roaming\SmartSVN\ directory as being Trojan.Fileless. And this is across three different user accounts on this machine, one of which has only been logged into once 2-3 weeks ago. It would seem that this has not been fixed just yet, from what I can tell.

I made sure that my MBAM was fully up to date, rebooted my computer, and rescanned the computer as per the above post and have received the exact same results - picking up all SmartSVN files/folders in that directory as Trojan.Fileless. As per the topic starter, I find it highly unlikely that these are all infected with Trojan.Fileless (649 'threats' picked up in my case) and it looks as though it is a false positive in detecting.

Please advise if there is anything I should do to help resolve this issue. Thanks.

Link to post
Share on other sites

Same issue here. Malwarebytes quarantined all the files. After that I ran Malwarebytes again and the same trojan was actually detected in some files in the malwarebytes folder.  After cleaning those out I did a full scan with Windows Defender and no additional issues were detected.

After confirming everything was clean, I reinstalled SmartSVN 9.1.2, and the trojan.fileless files were back in there again. Malwarebytes database version 2016.10.24.01

Link to post
Share on other sites

 

21 hours ago, shadowwar said:

This was already fixed. Can you reboot and rescan that folder?

 

 

It's not fixed here yet!

I did a complete shutdown, restart, updated Malwarebytes, but...

Another scan of  C:\Users\Laurence\AppData\Roaming\SmartSVN\  is still claiming every single file and folder is infected with Trojan.Fileless

See attached "Save Results" from Total Threats Detected: 312 screen.

20161024-Malwarebytes-claims-SmartSVN-trojan-scanlog.txt

Link to post
Share on other sites

  • Staff
11 hours ago, CJohnstone said:

G'day

I got into work today where we have MalwareBytes Anti-Malware Premium installed, and I've encountered the same as the topic starter here.

The MalwareBytes Anti-Malware has picked up that every single file and folder within the C:\Users\<name>\AppData\Roaming\SmartSVN\ directory as being Trojan.Fileless. And this is across three different user accounts on this machine, one of which has only been logged into once 2-3 weeks ago. It would seem that this has not been fixed just yet, from what I can tell.

I made sure that my MBAM was fully up to date, rebooted my computer, and rescanned the computer as per the above post and have received the exact same results - picking up all SmartSVN files/folders in that directory as Trojan.Fileless. As per the topic starter, I find it highly unlikely that these are all infected with Trojan.Fileless (649 'threats' picked up in my case) and it looks as though it is a false positive in detecting.

Please advise if there is anything I should do to help resolve this issue. Thanks.

 

10 hours ago, Deecey said:

Same issue here. Malwarebytes quarantined all the files. After that I ran Malwarebytes again and the same trojan was actually detected in some files in the malwarebytes folder.  After cleaning those out I did a full scan with Windows Defender and no additional issues were detected.

After confirming everything was clean, I reinstalled SmartSVN 9.1.2, and the trojan.fileless files were back in there again. Malwarebytes database version 2016.10.24.01

 

2 hours ago, lcbrevard said:

 

It's not fixed here yet!

I did a complete shutdown, restart, updated Malwarebytes, but...

Another scan of  C:\Users\Laurence\AppData\Roaming\SmartSVN\  is still claiming every single file and folder is infected with Trojan.Fileless

See attached "Save Results" from Total Threats Detected: 312 screen.

20161024-Malwarebytes-claims-SmartSVN-trojan-scanlog.txt

Hello,

Sorry for the inconvenience here. Can you update to database version v2016.10.24.07 and let us know if this has been fixed or not?

Regards

Link to post
Share on other sites

7 hours ago, lcbrevard said:

 

It's not fixed here yet!

I did a complete shutdown, restart, updated Malwarebytes, but...

Another scan of  C:\Users\Laurence\AppData\Roaming\SmartSVN\  is still claiming every single file and folder is infected with Trojan.Fileless

See attached "Save Results" from Total Threats Detected: 312 screen.

20161024-Malwarebytes-claims-SmartSVN-trojan-scanlog.txt

Now on Database Version: v.2016.10.24.10 and the problem is fixed.

Onward... :-)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.