Heavyoak Posted February 23, 2017 ID:1103812

File: 2
Trojan.Kovter, C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE, Quarantined, [85], [373227],1.0.1324
Trojan.Kovter, C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMD.EXE, Quarantined, [85], [373227],1.0.1324

The folder and other file in it were created in 2015, so I'm doubting this detection, but I quarantined anyway. Full log file is attached, along with a zip of "NirCmd.chm", the only other file that was in the folder.

Attachments: nircmd trojan 2-22-17.txt, NirCmd.zip

sUBs Posted February 23, 2017 ID:1103822 (edited)

Hello. For false positives, we would require a developer's log. Kindly follow the instructions detailed here: http://forums.malwarebytes.org/index.php?showtopic=3228

Also dequarantine the following files and zip/attach them to your next reply.

C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMD.EXE
C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE

Edited February 23, 2017 by sUBs

Heavyoak Posted February 23, 2017 Author ID:1103823 (edited)

The full log file is already attached to my first post and the forum won't let me attach the .json log file. As for restoring, uh no. I am not restoring potential trojans. Tell me how to pull copies of the contained files from the mbam vault and I will send you that in a zip.

edit: I found on my own the vault and zipped the files. The zip is attached.

Attachment: c02f73b6-f918-11e6-a141-e0469a2ce99f.zip

edit2: the .json log as a zip and a screenshot.

Attachment: f6bad49e-f917-11e6-9533-e0469a2ce99f.zip

Edited February 23, 2017 by Heavyoak: added zips and image

sUBs Posted February 23, 2017 ID:1103830

Hello, this is a False Positive which was fixed earlier. You can safely dequarantine the files. Then update mbam's database and do a rescan. They shouldn't be detected anymore.