
On-demand and right-click scans don't agree



Hi:

The latest updated MBAM (db 2680) on-demand Quick Scan is detecting a wmv file as infected with a trojan. I have had this file for months, am experiencing no problems, and it checks out clean at VirusTotal, so I have no doubt it is a false positive.

What interests me is why an on-demand Quick Scan by MBAM detects this file, but a right-click scan of this file only by MBAM detects no infection?


Malwarebytes' Anti-Malware 1.40

Database version: 2680

Windows 5.1.2600 Service Pack 3

22/08/2009 8:44:35 PM

mbam-log-2009-08-22 (20-44-22).txt

Scan type: Quick Scan

Objects scanned: 105034

Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\endofcivilzation.wmv (Trojan.FakeAlert) -> No action taken. [38575351343036276138473711]


Hi there. If you relocate that file to another place besides root, the detection should go away. If you wish to keep it in root (which isn't a good idea), then please select ignore.

Thanks

Edited by Raid
updated information

This is the 2nd time I've seen the information that right click file scan does not enable heuristics... Is this bit of information anywhere? Perhaps in the help file? If it isn't anywhere public, can we get in a sticky on the forums or in the help file please? I think that is very valuable information to know.

Just my two cents.

Keith


Raid:

Thanks - I have relocated it from root, and the detection has disappeared.

Out of curiosity, why is placing a wmv file in the root a bad idea? Is this true in general for any media file? And is this true only because of the way MBAM works?


  • Staff

Placing any file in root is a bad idea, as it is not a storage folder and it is a super common location to launch malware from (this is why we are aggressive against files there). MBAM is aggressive against files in most folders where there should not ever be user files of any kind.


Another reason is that there is a limitation on how many files can be in the root. Once that limitation is reached, even if you have 200GB free on your hard drive, it will show as being full and it will not let you store anything until you clear up some space. I don't remember what that limitation is at this time.


Yes, that could be. I just know folks come to me all the time because their hard drives are full (also flash drives). I look at the C: drive and sure enough they have all kinds of files there. These folks that I deal with have their systems on FAT32 for some reason (in Windows XP Pro and Home). That could be why that is happening.

Thanks for the refresher advancedsetup.....
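Added example, not part of the thread and not Malwarebytes code: a Python parser for a log in the layout posted above that marks file detections sitting directly in a drive root, the location the staff reply says MBAM treats aggressively. The function names and the second and third sample entries are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the MBAM 1.40 log posted in the thread.
# Only the first file entry comes from that log; the other two are made up.
SAMPLE_LOG = r"""Scan type: Quick Scan
Files Infected: 3

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\endofcivilzation.wmv (Trojan.FakeAlert) -> No action taken. [38575351343036276138473711]
C:\Documents and Settings\user\Local Settings\Temp\setup.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\tool\a.exe (Trojan.Agent) -> No action taken.
"""

# A detail section header ends at the colon; summary lines carry a count after it.
SECTION = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<object> (<detection name>) -> <action>. [<optional id>]"
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> "
                  r"(?P<action>.+?)\.(?: \[(?P<id>\w+)\])?$")

def parse_detections(log_text):
    """Return one dict per detected object, tagged with its log section."""
    section, found = None, []
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line)
        if section and item:
            found.append({"section": section, **item.groupdict()})
    return found

def in_drive_root(path):
    """True when the object is a file placed directly in a drive root (C:\\x)."""
    p = PureWindowsPath(path)
    return bool(p.drive) and p.parent == PureWindowsPath(p.anchor)

def triage(log_text):
    """Mark file detections in a drive root so they can be rescanned after a move."""
    results = []
    for d in parse_detections(log_text):
        d["root_location"] = d["section"] == "Files Infected" and in_drive_root(d["path"])
        d["note"] = ("in drive root: move to a user folder and rescan"
                     if d["root_location"] else "review on its own merits")
        results.append(d)
    return results
```
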
