Jump to content

Not sure if a false positive pid.dll


Recommended Posts

I just did a threat scan on my computer and I wanted to make sure if this scan was accurate. I had done a full scan last night and didn't get any results, nothing flashed earlier on my real-time protection, and I haven't gone to any unsecured/ non-HTTPS sites (I've been to Zillow, Indeed, and Great Schools.org; literally the only websites I can think of where this trojan may have come from), so I'm not sure if this is a legitimate threat or not.The threat is labeled as Trojan.Emotet.Generic , found under the C:\WINDOWS\SYSWOW64\PID.DLL and found in the HKLM\SOFTWARE folders. I've attached the log file and screenshot of the report below. May I please get some help on this? Thank you!

Report.JPG

Results 2.txt

Edited by shadowwar
Link to post
Share on other sites
  • Replies 56
  • Created
  • Last Reply

Top Posters In This Topic

Hi, I have same problem started today, same exact file and registry entries show up in malwarebytes scan, when I do virustotal upload of the pid.dll I get the same results as you, the only interesting fact is the SHA256 differs for my pid.dll vs yours

SHA-256
921c5495a1ca4b380cca6d5fb38b4131197d961712b7b26960cdeb1457e4e2e6
File name
PID
File size
37.5 KB
Last analysis
2018-11-16 22:09:08 UTC

Link to post
Share on other sites

Hey, same thing as well. Really hoping it's a false postitive because I have no idea where I got this from. At first I thought it was from one of my family getting on something they shouldn't have, but seeing other people have the issue relieves me a little

I would like to add however that it only picks it up as a threat if you're connected to a network. At least that's what it seems like. Trying some things to test it, such as using certain software and, will see if that sets it off. All I had open at the time was Steam, Discord, and my Firefox browser.

 

Link to post
Share on other sites
2 minutes ago, ElectroTheDevolian said:

Hey, same thing as well. Really hoping it's a false postitive because I have no idea where I got this from. At first I thought it was from one of my family getting on something they shouldn't have, but seeing other people have the issue relieves me a little

I would like to add however that it only picks it up as a threat if you're connected to a network. At least that's what it seems like. Trying some things to test it, such as using certain software and, will see if that sets it off. All I had open at the time was Steam, Discord, and my Firefox browser.

 

Update: pid.dll is now missing from the computer due to an attempted reboot (needless to say the computer froze because it didn't like that). It hasn't come back yet like it did the last 4 times before the reboot, so I still have a copy in quarantine thanks to that in case I need to put it back.

Link to post
Share on other sites

Hello again,

Please make sure you have the following database updates!

MBAM1x/2x
v2018.11.16.06 was published at 11/16/2018 11:42:24 PM (UTC)
MB3
1.0.7883 was published at 11/16/2018 11:56:24 PM (UTC)

It was JUST published so may take a few minutes for you to see it on your machine.

 

Thanks again for reporting!

Link to post
Share on other sites

Just restarted my PC, restored all quarantined items back to their regular locations, updated Malwarebytes to the latest update, did a threat scan, and no threats were found; everything seems to have been fixed on my end.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.