Jump to content

[ok now] Possible FP (not IP)


Falkra

Recommended Posts

Hi, I have a user on a forum who gets continuous Vundo.Variant detection. I looked and saw no Vundo remains on the machine.

Here is the dev log :

Malwarebytes' Anti-Malware 1.40

Version de la base de donn

Link to post
Share on other sites

I am unable to locate any instances where these were not deleted by forum helpers and/or attached to malware files .

It is likely that these keys were part of the "immunization" that another vendor was doing for a while .

To delete these please reset their permissions first and then run another scan , this will correct the issue .

Link to post
Share on other sites

Ok, I'll do that (with RegAssassin). I'll tell the user (he thought he had Vundo but couldn't find it).

Thanks for your attention. :)

Link to post
Share on other sites
Ok, I'll do that (with RegAssassin). I'll tell the user (he thought he had Vundo but couldn't find it).

Thanks for your attention. :)

I don't think reg assassin will work here , there are DACL and ACL issues with the "immunization" . I was using subinacl to fix these before , we had quite a ot of them .

Link to post
Share on other sites
  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.