trojan Rainmeter's NIRCMD is a Trojan.Kovter?

[Heavyoak]

File: 2
Trojan.Kovter, C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE, Quarantined, [85], [373227],1.0.1324
Trojan.Kovter, C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMD.EXE, Quarantined, [85], [373227],1.0.1324

 

the folder and other file in it were created in 2015, so i'm doubting this detection, but I quarantined anyway. 

 

full log file is attached, along with a zip of "NirCmd.chm", the only other file that was in the folder.

nircmd trojan 2-22-17.txt

NirCmd.zip

[sUBs]

Hello. For false positives, we would require a developer's log.

Kindly follow the instructions detailed here : http://forums.malwarebytes.org/index.php?showtopic=3228

Also dequarantine the following files and zip/attach them to your next reply.

C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMD.EXE

C:\USERS\HEAVYOAK\APPDATA\ROAMING\RAINMETER\ADDONS\NIRCMD\NIRCMDC.EXE

Edited February 23, 2017 by sUBs

[Heavyoak]

the full log file is already attached to my first post and the forum won't let me attach the .json log file.

 

as for restoring, uh no. I am not restoring potential trojans. tell me how to pull copies of the contained files from the mban vault and I will send you that in a zip.

 

edit: I found on my own the vault and zipped the files. the zip is attached.

c02f73b6-f918-11e6-a141-e0469a2ce99f.zip

 

edit2: the .json log as a zip and a screenshot.

f6bad49e-f917-11e6-9533-e0469a2ce99f.zip

Edited February 23, 2017 by Heavyoak
added zips and image

[sUBs]

Hello, this is a False Positive which was fixed earlier. You can safely dequarantine the files. Then update mbam's database and do a rescan. They shouldn't be detected anymore