Windows 1709 SMB1 as a Malware: false positive or real Trojan ?

[oyug]

I'm not sure in which place I must put this discussion on the forum since I can't tell if I have indeed been hit by a real Malware or if it is a false positive.

Just got the new Creators Update yesterday and today when I do run a Scan with Malwarebytes I got 9 hits with "Trojan.Agent.TskLnk" all linked to Windows SMB1 HKEY or files.

Did a Quarantine and now system is clean.

Side note: Zemana and Defender did not detect a thing.

Question:

1) Is it false or not ?

2) If instead of Quarantine I delete the files, does that mean I can't use SMB1 anymore on my network ? (I got a ShieldTV that sadly needs SMB1 if I recall correctly)

 

Malwarebytes report.txt

[Atribune]

Hi oyug,

This does appear to be a false positive, it will be fixed in the next database update.

Thank you

[apch50]

Okay, you're going to fix it. Does that mean that we should restore the quarantined files that Malwarebytes removed? If you fix it, does that mean you will put these files back? Does it mean you will stop it from quarantining said files? Please Explain what we should do right now while awaiting your next database update. Thanks.

[tetonbob]

Hi @apch50 -

This was fixed in the following database versions:

MBAM2 Version: v2017.10.19.05
MBAM3 Version: 1.0.3049

 

By fix, we mean address in a database which would then be released to Malwarebytes installations.

Fixing the database does not put the files back.

Update your database, restore from Quarantine, and this detection should no longer occur.