Nvidia Ontology.dll detected as Trojan

[Jeji]

Hello,

About a half hour ago I booted up my computer and my Malwarebytes gave me a heads up about a malware being blocked located in "NVIDIA/NvBackend/ApplicationOntology/Ontology.dll"

I looked around and saw that 15 minutes ago people are reporting this too on the geforce forums slowly that their Malwarebytes is too. is there an infection going on and is my computer now infected?

I am deeply sorry if this is the wront forum/section to ask/report this in but im not sure how to treat this and I am worried this is a malware infection on my computer right now.

[Jaldy]

Came here to report as well.  False positive?

[welbot]

I just had the same thing come up.
Some reports from users on the nvidia forums appear to indicate virus total scans come back clean, but I don't really want to unquarantine to zip and submit just in case. 
Came up as Trojan Crypt for me. 

Apparently it has something to do with Geforce Experience, as users are reporting it's not working after quarantine (not detecting games or something), but the drivers appear to be fine. 

Edited October 7, 2017 by welbot

[zakman545]

Saw this too. Removed it before I thought to check online (oops). It's now reporting another ten files as infected. Opened up a thread in the false positives section.

[coldone]

Have the "trojan" as well and I would say it looks like false positive but better wait for one of the malwarebytes employees for confirmation I mean there was a vulnerability in part of the nvidia driver at the end of the day as far as I remember. This is the file https://www.virustotal.com/en/file/39e2df03737c3429fcb7c44055d2cede0f64d0e6ebbd1987a57242fd643a570e/analysis/1507335479/ it's referring to. 

[Sgtmarshtomp]

I received the same threat as well on two separate computers at the same time, one for gaming and one for work. I called a friend (Who also had Malwarebytes and Nvidia Experience) asking him to run a scan; he received the same threat. Looking like a false positive, but would like to hear from a staff member to be safe.

[TheQuickFox]

I got the same message. C:\Users\Administrator\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\Ontology.dll was quarantined.

File version 36.0.5.1

File signed by NVIDIA Corporation 2017-OCT-06 16:42:53 (Issued by VeriSign Class 3 Code Signing)

Strange thing is that I did not install any NVIDIA graphics drivers /software on or after this date. (Today/yesterday based on your time zone)

 

https://www.virustotal.com/en/file/39e2df03737c3429fcb7c44055d2cede0f64d0e6ebbd1987a57242fd643a570e/analysis/1507336836/

Edited October 7, 2017 by TheQuickFox

[thisisu]

Hi everyone,

This was a false positive and has been fixed in the following database versions

MBAM2 Version: v2017.10.07.01
MBAM3 Version: 1.0.2967

Please update your database and restore the file from quarantine if needed. Sorry for the false alarm everyone.

 

[Warthog]

So if malwarebytes detected 2 matches with ontology.dll as "trojan.crypt" i don't need to worry it's not danger in any way yes?

[blender]

No, that file is not dangerous. The detection was a false positive (which was fixed) which means we detected a file we should not have.

You can safely de-quarantine it.