Zygor Guides

[Raven2043]

I use Zygor Guides, which is a leveling guide for World of Warcraft and have used it for years without a single problem, now Malwarebytes  says parts of it are a rootkit which in my opinion is not the case. I have included the report.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/9/18
Scan Time: 2:29 AM
Log File: 01f1ab7d-0d6b-11e8-a593-6e626dc6f483.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3905
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 265132
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 9 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Rootkit.Fileless.MTGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Zygor Guides Client, No Action By User, [1294], [327457],1.0.3905

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Rootkit.Fileless.MTGen, C:\USERS\JOHN\APPDATA\LOCAL\ZYGOR\STARTUP.BAT, No Action By User, [1294], [327457],1.0.3905

Physical Sector: 0
(No malicious items detected)

(end)

[thisisu]

Hi,

Thanks for reporting. Yes, it looks like a false positive. However, this is a generic rule that has been in the database for over a year. So I'm thinking something with Zygor guide's was updated and therefore it is now detected by us. We'll see what we can do on our end to avoid further wrongful detection. In the meantime, I recommend adding these detections to your exclusions list. Here's how: https://support.malwarebytes.com/docs/DOC-1130