Jeji

Nvidia Ontology.dll detected as Trojan


Hello,

About a half hour ago I booted up my computer and my Malwarebytes gave me a heads up about malware being blocked, located in "NVIDIA/NvBackend/ApplicationOntology/Ontology.dll".

I looked around and saw that, as of 15 minutes ago, people are slowly reporting on the GeForce forums that their Malwarebytes is doing this too. Is there an infection going on, and is my computer now infected?

I am deeply sorry if this is the wrong forum/section to ask/report this in, but I'm not sure how to treat this and I am worried this is a malware infection on my computer right now.


I just had the same thing come up.
Some reports from users on the NVIDIA forums appear to indicate VirusTotal scans come back clean, but I don't really want to unquarantine to zip and submit just in case.
Came up as Trojan Crypt for me.

Apparently it has something to do with GeForce Experience, as users are reporting it's not working after quarantine (not detecting games or something), but the drivers appear to be fine.

Edited by welbot


Saw this too. Removed it before I thought to check online (oops). It's now reporting another ten files as infected. Opened up a thread in the false positives section.


I have the "trojan" as well, and I would say it looks like a false positive, but better to wait for one of the Malwarebytes employees for confirmation. I mean, there was a vulnerability in part of the NVIDIA driver at the end of the day, as far as I remember. This is the file it's referring to: https://www.virustotal.com/en/file/39e2df03737c3429fcb7c44055d2cede0f64d0e6ebbd1987a57242fd643a570e/analysis/1507335479/


I received the same threat as well on two separate computers at the same time, one for gaming and one for work. I called a friend (who also had Malwarebytes and Nvidia Experience) asking him to run a scan; he received the same threat. Looking like a false positive, but would like to hear from a staff member to be safe.


I got the same message. C:\Users\Administrator\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll was quarantined.

File version 36.0.5.1

File signed by NVIDIA Corporation 2017-OCT-06 16:42:53 (Issued by VeriSign Class 3 Code Signing)

Strange thing is that I did not install any NVIDIA graphics drivers/software on or after this date. (Today/yesterday based on your time zone.)

 

https://www.virustotal.com/en/file/39e2df03737c3429fcb7c44055d2cede0f64d0e6ebbd1987a57242fd643a570e/analysis/1507336836/

Edited by TheQuickFox


Hi everyone,

This was a false positive and has been fixed in the following database versions:

MBAM2 Version: v2017.10.07.01
MBAM3 Version: 1.0.2967

Please update your database and restore the file from quarantine if needed. Sorry for the false alarm everyone.

 


So if Malwarebytes detected 2 matches with ontology.dll as "trojan.crypt", I don't need to worry, it's not dangerous in any way, yes?


No, that file is not dangerous. The detection was a false positive (which was fixed) which means we detected a file we should not have.

You can safely de-quarantine it.
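
A check of the restored DLL against the details posted in this thread, as an added example that is not part of the original thread and not Malwarebytes or NVIDIA tooling. The SHA-256 comes from the VirusTotal links above and the signer name from the signature details posted above; the function name `Test-OntologyDll`, the default path under `%LOCALAPPDATA%` and the verdict wording are assumptions.

```powershell
# Added example. Run after restoring the file from quarantine.
function Test-OntologyDll {
    param(
        # Assumed default: the per-user location reported in the thread.
        [string]$Path = (Join-Path $env:LOCALAPPDATA 'NVIDIA\NvBackend\ApplicationOntology\Ontology.dll'),
        # SHA-256 taken from the VirusTotal URLs posted in the thread.
        [string]$ExpectedSha256 = '39e2df03737c3429fcb7c44055d2cede0f64d0e6ebbd1987a57242fd643a570e',
        # Signer name as reported in the thread.
        [string]$ExpectedSigner = 'NVIDIA Corporation'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (still in quarantine?): $Path"
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    $hashMatches  = $hash -ieq $ExpectedSha256
    $sigValid     = $sig.Status -eq 'Valid'
    # Loose substring match on the certificate subject; a name match only
    # means something when the signature status is Valid.
    $signerMatches = $subject -like "*$ExpectedSigner*"

    # A hash mismatch alone only says this is a different build than the one
    # linked in the thread; an invalid or foreign signature is the real flag.
    $verdict = if (-not ($sigValid -and $signerMatches)) {
        'Signature check failed: do not trust this file'
    } elseif ($hashMatches) {
        'Same file as the one linked in the thread, signature valid'
    } else {
        'Different build than the one linked in the thread, signature valid'
    }

    [pscustomobject]@{
        Path            = $Path
        FileVersion     = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
        Sha256          = $hash.ToLower()
        HashMatches     = $hashMatches
        SignatureStatus = $sig.Status
        Signer          = $subject
        Verdict         = $verdict
    }
}

Test-OntologyDll | Format-List
```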
