False positive (SkyNet)


serwar
  • Staff

Interesting. This one even uses the same driver name as mentioned on the Symantec site, however, in your case, it runs from the system32\drivers folder.

In case of the one mentioned on the Symantec site, it runs from the Windows folder.

I'll pass this on so we can fix this in a way while we still detect the bad one.


  • 2 weeks later...
06/09/2009 18:28:20

mbam-log-2009-09-06 (18-28-20).txt

Scan type: Quick Scan

Objects scanned: 101970

Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_DRVFLTIP (Rogue.UnVirex) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp (Rogue.UnVirex) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVFLTIP (Rogue.UnVirex) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DrvFltIp (Rogue.UnVirex) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SkyNet (Trojan.Agent) -> Quarantined and deleted successfully.

first post and moaning already but is there any news of a fix for this because around the planet there are tens if not hundreds of thousands of skystar2 users, just used mbytes somebody told me it was good gear, but as you can tell by the above log it took out my skynet dll which is needed to drive this satellite card http://www.technisat.com/index381f.html?na...ducts,en,76-174 and now i'm gonna have to go searching round my place for the install disc or someplace on the net to download this driver again .... when did this skynet trojan first appear because i have used these cards for years with no problem from trojan or spyware soft

cheers people


That scan log has been modified, please post a full unaltered log.

The key component is missing.

modified by who or what i am not a tech head or coder i just posted what was in the mbytes log i have no clue what you are talking about the only other soft running on my pc at the time were symantec antivirus 10.1.1.5 and ashampoo firewall are these incompatible with mbytes

cheers people


  • Staff
There were some FPs fixed on this one already and there is no way to verify if this is a new or old problem here as the version # and definitions # have been edited out of the scan log. If you can get me a current log with that part included I will have a starting point to work with.

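The completeness check the staff reply asks for, as an added example that is not part of the original thread or of Malwarebytes' own tooling: it parses a scan log in the layout posted here, reports which header fields are missing, and lists the detections. The function name, field names and the placeholder version numbers in the sample are assumptions made for illustration.

```python
import re

# Header fields needed to tell an already-fixed false positive from a new one.
HEADER_PATTERNS = {
    "product_version": re.compile(r"^Malwarebytes' Anti-Malware\s+(\S+)$"),
    "database_version": re.compile(r"^Database version:\s*(\d+)$"),
}
# A detection line has the shape: <object> (<detection name>) -> <action>
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<action>.+)$"
)

def triage_log(text):
    """Return header fields, detections, and the header fields that are missing."""
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        for field, pattern in HEADER_PATTERNS.items():
            m = pattern.match(line)
            if m:
                header[field] = m.group(1)
        m = DETECTION.match(line)
        if m:
            detections.append((m["name"], m["object"], m["action"]))
    missing = [f for f in HEADER_PATTERNS if f not in header]
    return {"header": header, "detections": detections, "missing": missing}

# Constructed sample logs in the layout shown in this thread.
BODY = """Scan type: Quick Scan
Registry Keys Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\SkyNet (Trojan.Agent) -> Quarantined and deleted successfully.
"""
# Log without the version header, as in the first report.
TRIMMED_LOG = "06/09/2009 18:28:20\n" + BODY
# Placeholder version and database numbers (constructed, not real releases).
FULL_LOG = "Malwarebytes' Anti-Malware 0.00\nDatabase version: 0000\n" + BODY

if __name__ == "__main__":
    for label, log in (("trimmed", TRIMMED_LOG), ("full", FULL_LOG)):
        result = triage_log(log)
        status = "needs a full log" if result["missing"] else "ready for triage"
        print(label, status, result["missing"], result["detections"])
```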

Malwarebytes' Anti-Malware 1.40

Database version: 2748

Windows 5.1.2600 Service Pack 2

06/09/2009 22:23:49

mbam-log-2009-09-06 (22-23-49).txt

Scan type: Quick Scan

Objects scanned: 1

Time elapsed: 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

there you go pal this log is a couple of hours after with version no and defs left at the top the report is clean but i hadn't put the driver back yet

cheers
