Jump to content

Recommended Posts

I just got on my computer today and did my daily startup scan, only to be greeted with pid.dll and its registry keys counted as an emotet trojan. I haven't been on any strange sites, and others are also having this issue, so it's safe to conclude that this may just be a false positive.

I have successfully quarantined it by simply rebooting (although the computer didn't like it that much). It did come back after each scan like the emotet trojan, but that could just be because of how system files work sometimes.pid.dll False Positive.txt

image.png.5487f18fc4f74bcdc61356426edda63d.png

 

Share this post


Link to post
Share on other sites

I just got this same thing. The exact same detections. The file itself is from April, so it must be a new detection scheme. But I wonder if it is a false positive; I uploaded the file to virustotal and only Malwarebytes lists it as malware. I await input from the experts.

Share this post


Link to post
Share on other sites

I have the same thing happening; same files, locations, threat type, & ID numbers too.

Share this post


Link to post
Share on other sites

I think it's a false positive. I did sfc /scannow after putting it into quarantine,  restarting and runnig malwarebytes again (without any hits) and got an error message back.

So i did  DISM.exe /Online /Cleanup-image /Restorehealth and again sfc /scannow afterwards and it fixed the problem. Now when I run malwarebytes again, suprise, pid.dll is back.

Share this post


Link to post
Share on other sites
3 minutes ago, GreenAlien said:

I think it's a false positive. I did sfc /scannow after putting it into quarantine,  restarting and runnig malwarebytes again (without any hits) and got an error message back.

So i did  DISM.exe /Online /Cleanup-image /Restorehealth and again sfc /scannow afterwards and it fixed the problem. Now when I run malwarebytes again, suprise, pid.dll is back.

Did that include the registry keys as well?

Share this post


Link to post
Share on other sites

This is a false positive. We are in the process of pushing out an update now. Please watch the following thread for more updates:

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.