Jump to content

false positive?

Tholl

By Tholl
in File Detections

 Share

Recommended Posts

Tholl

Tholl

Posted
Posted

guess this is a false positive rogue "safe fighter" trojan, identified by heuristic analysis at the end of scan, apparently related to the program " http://www.newsoftwares.net/folderlock/  .
no false "safe fighter" alerts, and tried to locate it in the registry through scan but to no avail.  if I uninstall "folder lock"  the scan no longer identifies the rogues.

Here the log:

Version: 2.2.1.1043
Malware Database: v2016.11.24.10
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: [..]

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312800
Time Elapsed: 4 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
Rogue.SafeFighter, c:\users\[..]\desktop\safefighter.lnk, Delete-on-Reboot, [b169cdf7bfdb4ee851c2818b57ab46ba],
Rogue.SafePcAv, c:\users\[..]\desktop\safepcav.lnk, Delete-on-Reboot, [b36773518f0b1026bf5558b42cd66799],
Rogue.SafetyKeeper, c:\users\[..]\desktop\safetykeeper.lnk, Delete-on-Reboot, [24f67b4902987db955c0a567c0424db3],
Rogue.SafetyPC, c:\users\[..]\desktop\safetypc.lnk, Delete-on-Reboot, [22f8f0d4e3b73600e4324cc039c99c64],
Rogue.SafeVaccine, c:\users\[..]\desktop\safevaccine.lnk, Delete-on-Reboot, [0d0d972da9f18fa7a77036d6c73b4db3],
Rogue.SafePrivate, c:\users\[..]\desktop\safeprivate.lnk, Delete-on-Reboot, [86949b29e4b6a78f246a98a5c141926e],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

There's some incompatibility issue with Folderlock and malwarebytes causing "ghost detections".

That's why I recommend to exclude the directories you've put "folder lock" on from Malwarebytes scan. After all, since you've put a lock on these, malware won't be able to get in there either since you've locked access for these.

Link to post
Share on other sites
Tholl

Tholl

Posted
  • Author
Posted

Tks for the prompt reply.  Actually fool I am I had been duped by the log giving the ' c:\users\[..]\desktop\ ' path, and looked all over to find the Folderlock directory to scan and if positive exclude - except for the obvious place under 'c\program files....'. Now the exclusion works. Cheers.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.