Possible FP - Heuristics.Shuriken Detection for XM7750P.DLL


lmacri

A MB v3.3.1 Full System Scan (database v1.0.3568 with rootkit scanning enabled) detected a file named XM7750P.dll today as Heuristics.Shuriken on my 32-bit Vista SP2 computer.

What little information I've been able to find at http://www.fileinspect.com/fileinfo/xm7750p-dll/ indicates it's a safe printer plugin developed by Xerox.  I restored the file and attached it as a zipped file below, and although the file now has a Date Created of 27-Dec-2017 there are multiple files named XM*.dll in the same directory that all have a Date Created of 02-Nov-2006.

     MB Scan Log for 27-Dec-2017:  MB v3_3_1 Scan Log Heuristics_Shuriken XM7750P_dll 27 Dec 2017.txt
     Attached file:  XM7750P.zip

File: 1
Heuristics.Shuriken, C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\PRNXX001.INF_87A0607D\I386\XM7750P.DLL, Quarantined, [1672], [167],1.0.3568

----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.5.2 * NS Premium v22.11.2.7 * MB Premium v3.3.1.2183-1.0.262
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


Hi Atribune:

I tried scanning XM7750P.dll using two different methods with the latest database v1.0.3572 definition set and didn't see a detection with these new scans.

Method 1:  Right-click single file XM7750P.dll and choose Scan with Malwarebytes from context menu.
    Scan Log (0 detections):  MB v3_3_1 Scan Log Single File XM7750P_dll 27 Dec 2017.txt

Method 2: Create custom scan and scan all 626 files in folder C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\PRNXX001.INF_87A0607D\I386\ where XM7750P.dll is located.
    Scan Log (0 detections):  MB v3_3_1 Scan Log Folder Scan PRNXX001_INF_87A0607D DriverStore 27 Dec 2017.txt

I don't know if it makes any difference, but I should note that when I ran my original full system scan (i.e., with the Heuristics.Shuriken detection) rootkit scanning was enabled and I ran that scan after booting into Safe Mode (Without Networking). That full system scan ran for over 7 hours so I'd prefer not to have to re-run that entire full system scan again under the same conditions unless you think it's absolutely necessary.

Hi Atribune:

Cheers, and thank you for the prompt response.

Out of curiosity, do you know why this XM7750P.dll file was detected in the first place?  Do you think there was a temporary glitch during the heuristics scan, or were you able to confirm this was a false positive detection that had to be white-listed in the latest definition set?