False positives on brand new Samsung N120?


King Ray

Hello,

I received a new Samsung N120 netbook yesterday from Amazon. I upgraded the RAM to 2 GB, then went through the Windows installation process, did the Windows and Samsung updates, then added Star Office. I was only on the internet for 2 hours max. I downloaded, installed and updated the free version of Malwarebytes from CNET, and during the first scan was surprised to see 12 infected items. I suspect these are false positives, but would like to be sure. I took no actions with the items, just restored them as I suspected they were FPs.

I updated McAfee this morning and ran a full scan and it found nothing, then when I got home from work tonight I updated Malwarebytes and ran a developer's scan (ran mbam.exe /developer). This time it found only two registry items, which are associated with McAfee.

The first scan log is pasted below, followed by the second developer's scan. Please advise, thanks. I think these are all FPs, as I did very little surfing before the first scan (went to ebay and cnn maybe, I don't recall), and only went to supposedly safe sites.

BTW, you have a great product and I appreciate your hard work and dedication.

%%% Initial Scan %%%

Malwarebytes' Anti-Malware 1.40

Database version: 2697

Windows 5.1.2600 Service Pack 3

8/27/2009 12:47:04 AM

mbam-log-2009-08-27 (00-47-04).txt

Scan type: Full Scan (C:\|)

Objects scanned: 117728

Time elapsed: 23 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\All Users\Application Data\Partner\partner.dll (Trojan.BHO) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.

%%% Developer's Scan %%%

Malwarebytes' Anti-Malware 1.40

Database version: 2702

Windows 5.1.2600 Service Pack 3

8/27/2009 1:08:59 PM

mbam-log-2009-08-27 (13-08-46).txt

Scan type: Full Scan (C:\|)

Objects scanned: 118037

Time elapsed: 23 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
