Jump to content

Rogue.SmartProtector = false positive?


mynorgeek

Recommended Posts

Malwarebytes' Anti-Malware 1.39

Database version: 2533

Windows 5.1.2600 Service Pack 3

7/30/2009 5:12:34 PM

mbam-log-2009-07-30 (17-12-30).txt

Scan type: Quick Scan

Objects scanned: 94611

Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken. [3742513036276137806886787079858401667969015270858574797284613477770154847083846

13481817774686685748079013766856661467468838084807185614670697466014279697089]

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Running on old box with XP pro

Installed ok over prior beta.

Rebooted as requested.

Update run after (new) start.

Updated ok.

Invoked a quick scan.

Tagged a couple of items for "Rogue SmartProtector" {what is that ? )

declined the fix and ignored

Log below

Malwarebytes' Anti-Malware 1.40

Database version: 2533

Windows 5.1.2600 Service Pack 2

07/30/2009 07:10:19 PM

mbam-log-2009-07-30 (19-09-48).txt

Scan type: Quick Scan

Objects scanned: 97332

Time elapsed: 24 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken.

Files Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db (Rogue.SmartProtector) -> No action taken.

Link to post
Share on other sites

Hi All

same issue here

Malwarebytes' Anti-Malware 1.39 (Italian )

Versione del database: 2533

Windows 6.0.6002 Service Pack 2

31/07/2009 2.11.49

mbam-log-2009-07-31 (02-11-49).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 80951

Tempo trascorso: 2 minute(s), 45 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Elementi dato del registro infetti: 0

Cartelle infette: 1

File infetti: 0

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

(Nessun elemento malevolo rilevato)

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

Cartelle infette:

C:\ProgramData\Microsoft\Media Index (Rogue.SmartProtector) -> Quarantined and deleted successfully.

File infetti:

(Nessun elemento malevolo rilevato)

Any idea?

Thanks in advance

Regards

Link to post
Share on other sites

I just ran a qucik scan: and got 3 hits -- just like the post above, any advice, F/P?

Malwarebytes' Anti-Malware 1.40

Database version: 2533

Windows 5.1.2600 Service Pack 3

7/30/2009 5:49:02 PM

mbam-log-2009-07-30 (17-48-51).txt

Scan type: Quick Scan

Objects scanned: 93005

Time elapsed: 8 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken.

Files Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db (Rogue.SmartProtector) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.lrd (Rogue.SmartProtector) -> No action taken.

Link to post
Share on other sites

@ yardbird and all

It seems like this is happening to a lot of people.

Yardbird is the third I think in the beta thread to get this hit and then two people below have it as well.

http://www.malwarebytes.org/forums/index.p...mp;#entry104547

I am also curious to know if its a false positive and if it is if it can be removed from quarantine?

Link to post
Share on other sites

Just an FYI not related to the beta, I've just had Jean (JeanInMontana) get in touch with me with an MBAM log, and one of the F/P's was the same as listed above;

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken

I've asked for a developers log.

/edit

I should mention, she's not using the beta - she's using the "normal" version (not sure why she didn't just post in the forums .......)

Link to post
Share on other sites

Well,

I scanned my desktop PC with XP PRO SP 3 too and got the same result:

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken.

I scanned my laptop running Vista with SUPERAntiSpyware free and Windows Defender which found no malware.

I think it is a false positive.

I'll put into the ignore list this folder until a fix will be issued.

Thank you <_<

Link to post
Share on other sites

I just did an update and scan 10 minutes ago, before i saw these posts that there might find a false positive. Here is the log. Is this a false positive? If so, is it something that is needed and can i restore it from the Quarantine file?

Malwarebytes' Anti-Malware 1.39

Database version: 2533

Windows 5.1.2600 Service Pack 3

7/30/2009 5:58:34 PM

mbam-log-2009-07-30 (17-58-34).txt

Scan type: Quick Scan

Objects scanned: 96540

Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> Quarantined and deleted successfully.

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

@ mc42

I am wondering the same thing.

What is (Rogue.SmartProtector) used and needed for. If it were removed and not put back what harm to a computer could there be?
Link to post
Share on other sites

PS: What is (Rogue.SmartProtector) used and needed for. If it were removed and not put back what harm to a computer could there be?

The folder that is supposedly infected is named Media Index. As was pointed out a bit earlier, it is an empty folder. Rogue.SmartProtector is the name of the malware.

Link to post
Share on other sites

sorry for the delay--developer log as requested:

Malwarebytes' Anti-Malware 1.40

Database version: 2533

Windows 5.1.2600 Service Pack 3

7/30/2009 6:49:26 PM

mbam-log-2009-07-30 (18-49-22).txt

Scan type: Quick Scan

Objects scanned: 92904

Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index (Rogue.SmartProtector) -> No action taken. [3742513036276137806886787079858401667969015270858574797284613477770154847083846

13481817774686685748079013766856661467468838084807185614670697466014279697089]

Files Infected:

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db (Rogue.SmartProtector) -> No action taken. [3742513036276137806886787079858401667969015270858574797284613477770154847083846

13481817774686685748079013766856661467468838084807185614670697466014279697089]

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.lrd (Rogue.SmartProtector) -> No action taken. [3742513036276137806886787079858401667969015270858574797284613477770154847083846

13481817774686685748079013766856661467468838084807185614670697466014279697089]

Link to post
Share on other sites

I am fixing this right now .

Sorry that i don't know much about computers, so i have to ask. When you say you are fixing it right now, that means it is a false positive, and by you fixing it , it means that scans done after the fix will not pick this up to quarantine and deleat it? If that is the case since i quarantined and deleted it from my scan, is that quarantine something i should restore.

Also, from here http://www.superantispyware.com/blog/ it says

New Rogue : Smart Protector

July 30th, 2009

Smart Protector is a new/updated rogue. We have updated our definitions to detect and remove all traces of this rogue.

which makes it sound as if superantispyware is saying it is not a false positive.

Link to post
Share on other sites

Thanks Mystery!

It's safe to restore it from quarantine then? :unsure:

You can remove it from quarantime (aslong as you restore it, and don't actually delete it <_<)
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.