
Not sure if a false positive pid.dll


I just did a threat scan on my computer and I wanted to make sure if this scan was accurate. I had done a full scan last night and didn't get any results, nothing flashed earlier on my real-time protection, and I haven't gone to any unsecured/non-HTTPS sites (I've been to Zillow, Indeed, and Great Schools.org; literally the only websites I can think of where this trojan may have come from), so I'm not sure if this is a legitimate threat or not. The threat is labeled as Trojan.Emotet.Generic, found under the C:\WINDOWS\SYSWOW64\PID.DLL and found in the HKLM\SOFTWARE folders. I've attached the log file and screenshot of the report below. May I please get some help on this? Thank you!

Report.JPG

Results 2.txt

Edited by shadowwar


I also checked the file on VirusTotal, and Malwarebytes is the only one flagging this file as malware/Trojan.Emotet.Generic.

Capture.JPG


Hi, I have the same problem, which started today. The same exact file and registry entries show up in the Malwarebytes scan. When I do a VirusTotal upload of the pid.dll I get the same results as you; the only interesting fact is that the SHA256 differs for my pid.dll vs. yours:

SHA-256: 921c5495a1ca4b380cca6d5fb38b4131197d961712b7b26960cdeb1457e4e2e6
File name: PID
File size: 37.5 KB
Last analysis: 2018-11-16 22:09:08 UTC


Hey, same thing as well. Really hoping it's a false positive because I have no idea where I got this from. At first I thought it was from one of my family getting on something they shouldn't have, but seeing other people have the issue relieves me a little.

I would like to add, however, that it only picks it up as a threat if you're connected to a network. At least that's what it seems like. Trying some things to test it, such as using certain software, and will see if that sets it off. All I had open at the time was Steam, Discord, and my Firefox browser.


Also having the same issue. Will post Virustotal when scan is done. I scanned my computer yesterday and it said clean, so hopefully this is just a false positive for all of us.

2 minutes ago, ElectroTheDevolian said:

Hey, same thing as well. Really hoping it's a false positive because I have no idea where I got this from. At first I thought it was from one of my family getting on something they shouldn't have, but seeing other people have the issue relieves me a little.

I would like to add, however, that it only picks it up as a threat if you're connected to a network. At least that's what it seems like. Trying some things to test it, such as using certain software, and will see if that sets it off. All I had open at the time was Steam, Discord, and my Firefox browser.

Update: pid.dll is now missing from the computer due to an attempted reboot (needless to say the computer froze because it didn't like that). It hasn't come back yet like it did the last 4 times before the reboot, so I still have a copy in quarantine thanks to that in case I need to put it back.

3 minutes ago, drdas said:

So confirmed false positive?

Yes, this is a false positive. We are working to push out an update that will remove the detection.

Thanks

 


I have the same problem. I quarantined the files just in case of it being the real deal. Is there any problem if I restore the 6 files?

1 minute ago, JLA21 said:

I have the same problem. I quarantined the files just in case of it being the real deal. Is there any problem if I restore the 6 files?

Also wondering if I should restore the files.


I think they said the file is a false positive.

But I'm wondering if the reg. keys are also false positives.


Hello again,

Please make sure you have the following database updates!

MBAM1x/2x: v2018.11.16.06 was published at 11/16/2018 11:42:24 PM (UTC)
MB3: 1.0.7883 was published at 11/16/2018 11:56:24 PM (UTC)

It was JUST published so may take a few minutes for you to see it on your machine.

 

Thanks again for reporting!


Just restarted my PC, restored all quarantined items back to their regular locations, updated Malwarebytes to the latest update, did a threat scan, and no threats were found; everything seems to have been fixed on my end.
