
Not sure if a false positive pid.dll



I need some advice.
I run both Malwarebytes and Norton Security to protect my PC (Windows 10).
I run scans multiple times a day, my routine being: first run updates for both Malwarebytes and Norton, then scan with Malwarebytes, and after that scan with Norton.
When I did this on the 16th, my first scan of the day gave me an all clear on everything, as usual.
When I ran updates and scanned later that night, however, I found 6 Emotet trojans (1 file, 5 keys), which I assume is the false positive people here are talking about.
After quarantine I scanned with Norton, which found nothing.

The part I need advice on is this.
The day after, in the evening, I decided to reinstall my Windows, picking the option that deletes my files.
After the reinstall I downloaded Malwarebytes, Norton, Firefox and ran Windows updates. Then immediately starting with the same old routine, running updates and scanning.
This time Norton found C:\Windows\SysWOW64\Pid.dll to be Bloodhound.MalPE.

I see on some of the links in this thread that some people like kdonovan9 had their pid on VirusTotal gave Bloodhound.MalPE on Symantec, while for others it wasn't.

So my question is, is this linked to the false positive? Is it like a false positive from Norton's end?
I get the 6 trojans I found with Malwarebytes on the 16th were probably false, but I am quite confused about the Bloodhound.MalPE and would like some advice on how to proceed next.


  • Staff

This is most likely linked to the false positive. Bloodhound, I believe, uses VirusTotal results to help calculate detection. With our FP, it triggered Symantec to detect it also, it seems.

Both are FPs and I would just leave it alone.

Edited by shadowwar

Hello,
Just found this thread. I had the same detections, great to hear that these are false positives.

I would just like to know how Malwarebytes handles restored files (out of Quarantine). Are they in a way "whitelisted"? (For example, if I had restored the files from the Quarantine before the fix, would Malwarebytes have re-detected them during a scan or ignored them?)

Or is there a way of specifically scanning the files before restoring them?

3 minutes ago, Heckthis said:

I would find where it keeps the items and scan them there. 

Ok, you mean when still in quarantine? Would that work? I always thought they are somehow changed (compressed/encrypted or something like that) so that they cannot do any harm, and therefore also wouldn't be detected by Malwarebytes...

Or do you mean after restoring? That would work for the file, but I have no idea how to scan the registry entries manually or if this even makes sense...
