Sorr, posted November 16, 2018, ID:1281611 (edited November 17, 2018 by shadowwar):
I just did a threat scan on my computer and I wanted to make sure if this scan was accurate. I had done a full scan last night and didn't get any results, nothing flashed earlier on my real-time protection, and I haven't gone to any unsecured/non-HTTPS sites (I've been to Zillow, Indeed, and Great Schools.org; literally the only websites I can think of where this trojan may have come from), so I'm not sure if this is a legitimate threat or not. The threat is labeled as Trojan.Emotet.Generic, found under the C:\WINDOWS\SYSWOW64\PID.DLL and found in the HKLM\SOFTWARE folders. I've attached the log file and screenshot of the report below. May I please get some help on this? Thank you!
Attached: Results 2.txt

Sorr (Author), posted November 16, 2018, ID:1281613:
I also checked the file on VirusTotal and Malwarebytes is the only one flagging this file as malware/Trojan.Emotet.Generic.

kilrathiace, posted November 16, 2018, ID:1281615:
Hi, I have the same problem, started today: the same exact file and registry entries show up in the Malwarebytes scan. When I do a VirusTotal upload of the pid.dll I get the same results as you; the only interesting fact is the SHA256 differs for my pid.dll vs yours.
SHA-256: 921c5495a1ca4b380cca6d5fb38b4131197d961712b7b26960cdeb1457e4e2e6
File name: PID
File size: 37.5 KB
Last analysis: 2018-11-16 22:09:08 UTC

kdonovan9, posted November 16, 2018, ID:1281617:
We are getting the same alerts. Would love to know if this is legit or a false positive.

kilrathiace, posted November 16, 2018, ID:1281620:
Here are my results of the pid.dll located under Windows\SysWOW64.

ElectroTheDevolian, posted November 16, 2018, ID:1281621:
Hey, same thing as well. Really hoping it's a false positive because I have no idea where I got this from. At first I thought it was from one of my family getting on something they shouldn't have, but seeing other people have the issue relieves me a little. I would like to add, however, that it only picks it up as a threat if you're connected to a network. At least that's what it seems like. Trying some things to test it, such as using certain software, and will see if that sets it off. All I had open at the time was Steam, Discord, and my Firefox browser.

honeycoughdrop, posted November 16, 2018, ID:1281622:
Also having the same issue. Will post VirusTotal when scan is done. I scanned my computer yesterday and it said clean, so hopefully this is just a false positive for all of us.

ElectroTheDevolian, posted November 16, 2018, ID:1281624:
2 minutes ago, ElectroTheDevolian said:
"Hey, same thing as well. Really hoping it's a false positive because I have no idea where I got this from. At first I thought it was from one of my family getting on something they shouldn't have, but seeing other people have the issue relieves me a little. I would like to add, however, that it only picks it up as a threat if you're connected to a network. At least that's what it seems like. Trying some things to test it, such as using certain software, and will see if that sets it off. All I had open at the time was Steam, Discord, and my Firefox browser."
Update: pid.dll is now missing from the computer due to an attempted reboot (needless to say the computer froze because it didn't like that). It hasn't come back yet like it did the last 4 times before the reboot, so I still have a copy in quarantine thanks to that in case I need to put it back.

KatiaJ, posted November 16, 2018, ID:1281626:
I'm having the exact same files pop up as Malware out of the blue.

honeycoughdrop, posted November 16, 2018, ID:1281629:
Results from VirusTotal.

drdas, posted November 16, 2018, ID:1281637:
Me too!

blender (Staff), posted November 16, 2018, ID:1281646:
Thanks for reporting. An update is going out as we speak!

drdas, posted November 16, 2018, ID:1281648:
So confirmed false positive?

AdvancedSetup (Root Admin), posted November 16, 2018, ID:1281650:
3 minutes ago, drdas said:
"So confirmed false positive?"
Yes, this is a false positive. We are working to push out an update that will remove the detection. Thanks

Sorr (Author), posted November 16, 2018, ID:1281654:
Okay, thank you and I hope you have a good evening!

YaBoiC, posted November 16, 2018, ID:1281655:
@kdonovan9 I dropped my pid.dll into VirusTotal and got the exact same 3 hits as you.

drdas, posted November 16, 2018, ID:1281657:
Thank you!

JLA21, posted November 16, 2018, ID:1281661:
I have the same problem. I quarantined the files just in case of it being the real deal. Is there any problem if I restore the 6 files?

honeycoughdrop, posted November 16, 2018, ID:1281663:
1 minute ago, JLA21 said:
"I have the same problem. I quarantined the files just in case of it being the real deal. Is there any problem if I restore the 6 files?"
Also wondering if I should restore the files.

Logus, posted November 16, 2018, ID:1281664:
I think they said the file is a false positive. But I'm wondering if the reg. keys are also false positives.

blender (Staff), posted November 17, 2018, ID:1281665:
Hello again,
Please make sure you have the following database updates!
MBAM1x/2x v2018.11.16.06 was published at 11/16/2018 11:42:24 PM (UTC)
MB3 1.0.7883 was published at 11/16/2018 11:56:24 PM (UTC)
It was JUST published so may take a few minutes for you to see it on your machine.
Thanks again for reporting!

Sorr (Author), posted November 17, 2018, ID:1281667:
Just restarted my PC, restored all quarantined items back to their regular locations, updated Malwarebytes to the latest update, did a threat scan, and no threats were found; everything seems to have been fixed on my end.

blender (Staff), posted November 17, 2018, ID:1281669:
@Logus Yes, they are. They will no longer be detected either with this update.

Logus, posted November 17, 2018, ID:1281671:
Ok! Thank you.

honeycoughdrop, posted November 17, 2018, ID:1281672:
Thanks for the prompt responses and fixes!