Jump to content

Windows 1709 SMB1 as a Malware: false positive or real Trojan ?


Recommended Posts

I'm not sure in which place I must put this discussion on the forum since I can't tell if I have indeed been hit by a real Malware or if it is a false positive.

Just got the new Creators Update yesterday and today when I do run a Scan with Malwarebytes I got 9 hits with "Trojan.Agent.TskLnk" all linked to Windows SMB1 HKEY or files.

Did a Quarantine and now system is clean.

Side note: Zemana and Defender did not detect a thing.


1) Is it false or not ?

2) If instead of Quarantine I delete the files, does that mean I can't use SMB1 anymore on my network ? (I got a ShieldTV that sadly needs SMB1 if I recall correctly)


Malwarebytes report.txt

Link to post
Share on other sites

Okay, you're going to fix it. Does that mean that we should restore the quarantined files that Malwarebytes removed? If you fix it, does that mean you will put these files back? Does it mean you will stop it from quarantining said files? Please Explain what we should do right now while awaiting your next database update. Thanks.

Link to post
Share on other sites

  • Staff

Hi @apch50 -

This was fixed in the following database versions:

MBAM2 Version: v2017.10.19.05
MBAM3 Version: 1.0.3049


By fix, we mean address in a database which would then be released to Malwarebytes installations.

Fixing the database does not put the files back.

Update your database, restore from Quarantine, and this detection should no longer occur.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.