False positive?


Hello, I completed a scan with the newest version of Malwarebytes and it gave me these results:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/16/18
Scan Time: 4:13 PM
Log File: e263e9b4-e9ec-11e8-b411-7085c27fdc6a.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7881
License: Free

-System Information-
OS: Windows 10 (Build 17134.407)
CPU: x64
File System: NTFS
User: DESKTOP-VIP0ILR\jordy

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 297533
Threats Detected: 6
Threats Quarantined: 0
Time Elapsed: 2 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, No Action By User, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, No Action By User, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, No Action By User, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, No Action By User, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, No Action By User, [6885], [599789],1.0.7881

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Emotet.Generic, C:\WINDOWS\SYSWOW64\PID.DLL, No Action By User, [6885], [599789],1.0.7881

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

I performed one yesterday and it came up clean. I have not downloaded anything, opened any fishy emails, or visited any shady sites since yesterday. Is this a false positive? VirusTotal showed 1/66, with only Malwarebytes detecting the pid.dll file as a trojan.


Same exact problem here. My system just updated to Windows 10 1809 yesterday, so my first thought is also that this is a potential false positive. Here's my log; happy to provide anything else.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/16/18
Scan Time: 6:28 PM
Log File: 4e6377a6-e9f7-11e8-8e17-b8aeed7ab81c.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7881
License: Premium

-System Information-
OS: Windows 10 (Build 17763.134)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 306496
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 6 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, Quarantined, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, Quarantined, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}, Quarantined, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, Quarantined, [6885], [599789],1.0.7881
Trojan.Emotet.Generic, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EEC6993A-B3FD-11D2-A916-00C04FB98638}\InprocServer32, Quarantined, [6885], [599789],1.0.7881

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Emotet.Generic, C:\WINDOWS\SYSWOW64\PID.DLL, Quarantined, [6885], [599789],1.0.7881

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

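For both posts above, the evidence a defender would collect before deciding whether this detection is a false positive, as an added PowerShell helper that is not from the thread, from Malwarebytes, or from either poster. It assumes the file path and CLSID reported in the logs; it computes the SHA256 hash for a VirusTotal lookup, records timestamps to compare with the update date each poster mentions, checks the Authenticode signature, and shows what the flagged CLSID's InprocServer32 key actually points to. It also handles the second poster's case, where the file and keys have already been quarantined and may be gone.

```powershell
# Added triage helper (not from the thread or from Malwarebytes).
# Values below are the ones reported in the scan logs above.
$Dll   = 'C:\Windows\SysWOW64\pid.dll'
$Clsid = '{EEC6993A-B3FD-11D2-A916-00C04FB98638}'

# 1. File facts: SHA256 for a VirusTotal search, timestamps to compare with
#    when the Windows update was installed (both posters mention a recent update).
if (Test-Path -LiteralPath $Dll) {
    $item = Get-Item -LiteralPath $Dll
    [pscustomobject]@{
        Path          = $Dll
        SHA256        = (Get-FileHash -LiteralPath $Dll -Algorithm SHA256).Hash
        Size          = $item.Length
        CreationTime  = $item.CreationTime
        LastWriteTime = $item.LastWriteTime
    } | Format-List

    # 2. Signature: a Valid status with a Microsoft signer is strong evidence
    #    for a false positive; NotSigned or HashMismatch means the file needs a
    #    closer look. Windows system files are often catalog-signed rather than
    #    embedded-signed; if the status is NotSigned, confirm with Sysinternals
    #    sigcheck before drawing a conclusion.
    $sig = Get-AuthenticodeSignature -LiteralPath $Dll
    [pscustomobject]@{
        Status     = $sig.Status
        IsOSBinary = $sig.IsOSBinary
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    } | Format-List
} else {
    "$Dll not present (already quarantined or removed). Restore info from the Malwarebytes quarantine view if the hash is needed."
}

# 3. Registry: what the flagged CLSID registers as its in-process server.
#    Both the native and the WOW6432Node view are checked, matching the log.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
)
foreach ($root in $clsidRoots) {
    $key = Join-Path $root "$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) {
        # The unnamed default value holds the DLL path the CLSID loads.
        $server = (Get-ItemProperty -LiteralPath $key).'(default)'
        [pscustomobject]@{ Key = $key; InprocServer32 = $server }
    } else {
        "$key : not present (removed or quarantined)"
    }
}
```

The hash, signer and InprocServer32 path are the facts worth attaching to a false-positive report: a vendor can confirm or rule out a detection from them far faster than from the scan log alone, and the timestamps show whether the file was introduced by the update the posters describe or by something else.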