ElectroTheDevolian Posted November 16, 2018 ID:1281633 Share Posted November 16, 2018 I just got on my computer today and did my daily startup scan, only to be greeted with pid.dll and its registry keys counted as an emotet trojan. I haven't been on any strange sites, and others are also having this issue, so it's safe to conclude that this may just be a false positive. I have successfully quarantined it by simply rebooting (although the computer didn't like it that much). It did come back after each scan like the emotet trojan, but that could just be because of how system files work sometimes.pid.dll False Positive.txt Link to post Share on other sites More sharing options...
drdas Posted November 16, 2018 ID:1281634 Share Posted November 16, 2018 I just got this same thing. The exact same detections. The file itself is from April, so it must be a new detection scheme. But I wonder if it is a false positive; I uploaded the file to virustotal and only Malwarebytes lists it as malware. I await input from the experts. Link to post Share on other sites More sharing options...
Sorr Posted November 16, 2018 ID:1281635 Share Posted November 16, 2018 I have the same thing happening; same files, locations, threat type, & ID numbers too. Link to post Share on other sites More sharing options...
GreenAlien Posted November 16, 2018 ID:1281642 Share Posted November 16, 2018 I think it's a false positive. I did sfc /scannow after putting it into quarantine, restarting and runnig malwarebytes again (without any hits) and got an error message back. So i did DISM.exe /Online /Cleanup-image /Restorehealth and again sfc /scannow afterwards and it fixed the problem. Now when I run malwarebytes again, suprise, pid.dll is back. Link to post Share on other sites More sharing options...
ElectroTheDevolian Posted November 16, 2018 Author ID:1281644 Share Posted November 16, 2018 3 minutes ago, GreenAlien said: I think it's a false positive. I did sfc /scannow after putting it into quarantine, restarting and runnig malwarebytes again (without any hits) and got an error message back. So i did DISM.exe /Online /Cleanup-image /Restorehealth and again sfc /scannow afterwards and it fixed the problem. Now when I run malwarebytes again, suprise, pid.dll is back. Did that include the registry keys as well? Link to post Share on other sites More sharing options...
GreenAlien Posted November 16, 2018 ID:1281652 Share Posted November 16, 2018 I put everything into quarantine, but now after the sfc stuff it only flags pid.dll. Link to post Share on other sites More sharing options...
dcollins Posted November 16, 2018 ID:1281653 Share Posted November 16, 2018 This is a false positive. We are in the process of pushing out an update now. Please watch the following thread for more updates: Link to post Share on other sites More sharing options...
Recommended Posts