JLA21 Posted November 16, 2018 ID:1281645 Share Posted November 16, 2018 Hello I completed a scan with the newest version of malwarebytes and it gave me this results: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/16/18 Scan Time: 4:13 PM Log File: e263e9b4-e9ec-11e8-b411-7085c27fdc6a.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.7881 License: Free -System Information- OS: Windows 10 (Build 17134.407) CPU: x64 File System: NTFS User: DESKTOP-VIP0ILR\jordy -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 297533 Threats Detected: 6 Threats Quarantined: 0 Time Elapsed: 2 min, 28 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 5 Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID{EEC6993A-B3FD-11D2-A916-00C04FB98638}, No Action By User, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\CLSID{EEC6993A-B3FD-11D2-A916-00C04FB98638}, No Action By User, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID{EEC6993A-B3FD-11D2-A916-00C04FB98638}, No Action By User, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, No Action By User, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, No Action By User, [6885], [599789],1.0.7881 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.Emotet.Generic, C:\WINDOWS\SYSWOW64\PID.DLL, No Action By User, [6885], [599789],1.0.7881 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) I performed one yesterday and it came up clean. I have not downloaded anything or opened any fishy emails or visited any shady sites since yesterday is this a false positive? Virustotal showed 1/66 with only malwarebytes detecting the pid.dll file as a trojan. Link to post Share on other sites More sharing options...
strukt Posted November 16, 2018 ID:1281649 Share Posted November 16, 2018 Same exact problem here. My system just updated to Windows 10 1809 yesterday, so my first thought is also that this is a potential false positive. Here's my log, happy to provide anything else. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/16/18 Scan Time: 6:28 PM Log File: 4e6377a6-e9f7-11e8-8e17-b8aeed7ab81c.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.7881 License: Premium -System Information- OS: Windows 10 (Build 17763.134) CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Scheduler Result: Completed Objects Scanned: 306496 Threats Detected: 6 Threats Quarantined: 6 Time Elapsed: 6 min, 55 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 5 Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, Quarantined, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, Quarantined, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, Quarantined, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, Quarantined, [6885], [599789],1.0.7881 Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, Quarantined, [6885], [599789],1.0.7881 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.Emotet.Generic, C:\WINDOWS\SYSWOW64\PID.DLL, Quarantined, [6885], [599789],1.0.7881 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
dcollins Posted November 16, 2018 ID:1281656 Share Posted November 16, 2018 This is a false positive that we are pushing out an update for now. Please see the following thread for any more updates: Link to post Share on other sites More sharing options...
Recommended Posts