Virus False Positive? Trojan.ServStart

[jerrycopper]

This appears to be a false positive Trojan as I have two other computers that do not have this critter. It came as a popup notified me that there is an upgrade. My other computers updated but this one doesn't. 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/13/18
Scan Time: 6:41 PM
Log File: 11bab302-2718-11e8-8a1c-5435301f5f7c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.4340
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: [deleted name]

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 243173
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 13 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.ServStart, C:\WINDOWS\SYSTEM32\WERFAULT.EXE, Quarantined, [136], [500192],1.0.4340

Physical Sector: 0
(No malicious items detected)

(end)

Please advise.

[Malwarebytes]

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Farbar Recovery Scan Tool (FRST)
  1. Download FRST and save it to your desktop
     Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  3. Press the "Scan" button
  4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
     • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
• MB-Check
  1. Download MB-Check and save to your desktop
  2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
  3. This will produce one log file on your desktop: mb-check-results.zip
     • This file will include the FRST logs generated from the previous set of instructions
     • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

• Renewals
• Refunds (including double billing)
• Cancellations
• Update Billing Info
• Multiple Transactions
• Consumer Purchases
• Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

[jerrycopper]

FRST.txt       Addition.txt

mb-check-results.zip

[exile360]

Greetings,

Yes, this was confirmed a false positive recently.  Updating your database should resolve the issue, but if you can't then for now just don't quarantine the file.

To install the latest version you can try downloading it from here and installing it.  Make sure you're logged into the computer as an administrator before proceeding.

Hopefully that will allow you to perform the upgrade/get the latest version installed.

Please let us know if the issue is still unresolved.