Scubnubby Posted November 18, 2018 ID:1281909

I need some advice. I run both Malwarebytes and Norton Security to protect my PC (Windows 10). I run scans multiple times a day, my routine being: first run updates for both Malwarebytes and Norton, then scan with Malwarebytes, and after that scan with Norton. When I did this on the 16th, my first scan of the day gave me an all clear on everything, as usual. When I ran updates and scanned later that night, however, I found 6 Emotet trojans (1 file, 5 keys), which I assume is the false positive people here are talking about. After quarantine I scanned with Norton, which found nothing.

The part I need advice on is this. The day after, in the evening, I decided to reinstall my Windows, picking the option that deletes my files. After the reinstall I downloaded Malwarebytes, Norton, Firefox and ran Windows updates. Then I immediately started with the same old routine, running updates and scanning. This time Norton found C:\Windows\SysWOW64\Pid.dll to be Bloodhound.MalPE. I see on some of the links in this thread that for some people, like kdonovan9, their pid on VirusTotal gave Bloodhound.MalPE on Symantec, while for others it didn't. So my question is: is this linked to the false positive? Is it like a false positive from Norton's end? I get that the 6 trojans I found with Malwarebytes on the 16th were probably false, but I am quite confused about the Bloodhound.MalPE and would like some advice on how to proceed next.
Staff shadowwar Posted November 18, 2018 ID:1281910 (edited)

This is most likely linked to the false positive. Bloodhound, I believe, uses VirusTotal results to help calculate detection. With our FP, it seems it triggered Symantec to detect it also. Both are FPs and I would just leave it alone.

Edited November 18, 2018 by shadowwar
moonfish Posted November 18, 2018 ID:1281929

Hello, just found this thread. I had the same detections; great to hear that these are false positives. I just would like to know how Malwarebytes handles restored files (out of quarantine). Are they in a way "whitelisted"? (For example, if I had restored the files from the quarantine before the fix, would Malwarebytes have re-detected them during a scan or ignored them?) Or is there a way of specifically scanning the files before restoring them?
Heckthis Posted November 18, 2018 ID:1281930

I would find where it keeps the items and scan them there.
moonfish Posted November 18, 2018 ID:1281932

3 minutes ago, Heckthis said: "I would find where it keeps the items and scan them there."

OK, you mean when still in quarantine? Would that work? I always thought they are somehow changed (compressed/encrypted or something like that) so that they cannot do any harm - and therefore also wouldn't be detected by Malwarebytes... Or do you mean after restoring? That would work for the file, but I have no idea how to scan the registry entries manually or if this even makes sense...
dcollins Posted November 19, 2018 ID:1282031

When you remove a file from quarantine, it is not automatically whitelisted. You will either need to exclude the file manually, or wait until the file is detected again and then choose to ignore the file, which will add it to your exclusion list.
Staff shadowwar Posted November 19, 2018 ID:1282084

Scanning files in the quarantine folder will not work. They are encrypted and disabled so they will not detect or possibly run. This is why it is safe to leave files in the quarantine for at least a few days so you can restore them if needed.