MAM

False positive results

Hello, are these possible false alarms?

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2019.02.15.02
  rootkit: v2019.02.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.19129
XXXXXXXXXX :: XXXXXXXXXX [administrator]

15.02.2019 12:46:07
mbar-log-2019-02-15 (12-46-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 204665
Time elapsed: 21 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3214318506-529363610-2749938587-1000\$RVXMEW2.exe (Backdoor.Farfli) -> No action taken. [9c2266c1ab1c90a6bf6c4625ee1508f8]
C:\XXXXXXXXXX\XXXXXXXXXX\Downloads\GDCleanUp.exe (Backdoor.Farfli) -> No action taken. [bb039394c304fd39ba7191daf80bfa06]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

MAM

 


Hello, well, well.

Here are the results from VT: https://www.virustotal.com/#/file/31a7670cd5422b520ac209d1ec4e6741616ca9c559fcb5f1c8bffc29f039e332/detection

In this case, for GDCleanUp.exe.

Because now I have a problem with the result, regardless of whether this is a false alarm or not. Because Malwarebytes Anti-Malware searches for and recognizes rootkits too, or ???

Then this false positive or actual infection should also be displayed ... ???

So it should be raised by both programs.

Malwarebytes for rootkits, and Malwarebytes Anti-Malware.
 
MAM


Hello,

Thanks for reporting this. It is a false positive and will be corrected in the next database update. Sorry for the inconvenience.

 

1 hour ago, MAM said:

Because now I have a problem with the result, regardless of whether this is a false alarm or not. Because Malwarebytes Anti-Malware searches for and recognizes rootkits too, or ???

Yes, it will pick up rootkits as well if you have "Scan for Rootkits" enabled in Malwarebytes Anti-Malware. It is turned off by default.

 


Best regards


If possible, can you zip and attach C:\XXXXXXXXXX\XXXXXXXXXX\Downloads\GDCleanUp.exe for review? I'd like to make sure it's the same as the one found here.


Hello, well, that was my fault.

I made a test, sorry for the confusion.

I will report back soon.

MAM


Sorry, I found nothing on my side with Malwarebytes Anti-Malware, only a little PUP, but no rootkit infection or FP.

Who is now handling this matter?

Or who is kidding us now?
 
 

MAM


Sorry, both of your programs, Malwarebytes Anti-Malware and Malwarebytes Anti-Rootkit, should come to the same conclusion for rootkit detection, whether it be a false alarm or a true infection.
Or?
I am now waiting for a correct answer!!!

 
MAM
 
 


Hello, well, I use Malwarebytes Free here, version 3.7.1.

And Malwarebytes Anti-Rootkit, version BETA 1.10.3.1001.

MAM


Hello, please explain to me why?

I think this problem is solved now...?

MAM

Edited by MAM

On 2/15/2019 at 5:08 PM, MAM said:

Hello, please explain to me why?

I think this problem is solved now...?

MAM

Sorry for the delayed response. I am still not quite sure what you are wanting me to explain.

The file you reported as a false positive (GDCleanUp.exe) was indeed a false positive and yes, it was fixed shortly after you reported it in the following database versions:

MBAM2 Version: v2019.02.15.08
MBAM3 Version: 1.0.9290

You will have to update your database to notice the changes on your end.


Hello,

Yes, indeed, these false positives have been fixed, and the second one too, I think.
 

MAM


@thisisu, hi there.

The file above is still being flagged by Malwarebytes, and there are more false positives!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/4/19
Scan Time: 5:02 PM
Log File: 37b8cbda-3e86-11e9-b8d6-80c5f246c586.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9532
License: Trial


-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269056
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 1 hr, 5 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.HeuristicsReservedWordExploit, C:\USERS\\DOWNLOADS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Edited by Gt-truth


@Gt-truth Thanks for reporting. Svchost.exe doesn't normally run from the Downloads folder, so if you intended for that to happen, please set an exclusion for it.

As a note, please post in a new thread next time because it's easier to keep track of things. :)

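The triage rule in the reply above (a binary named like a core Windows service sitting in a user's Downloads folder is suspicious by location alone, and the matching Image File Execution Options key deserves a look because a Debugger value there would hijack every launch of the real binary) is easy to express as code. What follows is an added example, not Malwarebytes' own heuristic and not code from anyone in this thread: it parses the -Scan Details- section of a Malwarebytes 3.x log (the sample is constructed from the post above, with the elided user name replaced by the placeholder ALICE) and classifies each detection. The reserved-name list, the allowed system directories and the verdict wording are assumptions made for the example.

```python
"""Triage Malwarebytes 3.x scan-log detections that name reserved Windows binaries."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Constructed sample, modelled on the -Scan Details- block posted above.
# ALICE is a placeholder: the original post elides the user name.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532

File: 1
RiskWare.HeuristicsReservedWordExploit, C:\USERS\ALICE\DOWNLOADS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532

Physical Sector: 0
(No malicious items detected)
"""

# Section header ("File: 1") and one detection line ("name, target, action, [id], [sig],db").
SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+): (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+?), (?P<action>[^,\[]+), "
    r"\[(?P<id>\d+)\], \[(?P<sig>\d+)\],(?P<db>\S+)$"
)

# Assumed list of names reserved for core Windows binaries, and the only directories
# they legitimately live in on a 64-bit install on C: (both are assumptions).
RESERVED = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
            "services.exe", "smss.exe", "wininit.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
IFEO = "\\image file execution options\\"


@dataclass
class Detection:
    kind: str    # log section the line came from, e.g. "File" or "Registry Key"
    name: str    # detection name as Malwarebytes printed it
    target: str  # file path or registry key
    action: str  # action column, e.g. "No Action By User"


def parse_scan_details(text: str) -> List[Detection]:
    """Walk the log, remembering the current section so each hit keeps its kind."""
    found, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            kind = m["kind"]
            continue
        m = DETECTION_RE.match(line)
        if kind and m:
            found.append(Detection(kind, m["name"], m["target"], m["action"]))
    return found


def classify(d: Detection) -> Optional[str]:
    """Verdict for detections involving a reserved name; None if the rule says nothing."""
    target = d.target.lower()
    if d.kind == "File":
        p = PureWindowsPath(target)
        if p.name not in RESERVED:
            return None
        if str(p.parent) in SYSTEM_DIRS:
            return f"{p.name} in system directory: expected location, verify hash before excluding"
        return (f"{p.name} outside system directories ({p.parent}): "
                "masquerading or a test copy, exclude only if intentional")
    if d.kind == "Registry Key" and IFEO in target:
        subkey = target.rsplit("\\", 1)[-1]
        if subkey in RESERVED:
            return f"IFEO entry for {subkey}: a Debugger value here would hijack every launch of {subkey}"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(target, verdict) for every detection the reserved-name rule explains."""
    return [(d.target, v) for d in parse_scan_details(text) if (v := classify(d))]


if __name__ == "__main__":
    for target, verdict in triage(SAMPLE_LOG):
        print(f"{target}\n    -> {verdict}")
```

Running it on the sample yields three verdicts: two IFEO notes for svchost.exe and one "outside system directories" verdict for the copy in Downloads. The same copy placed under C:\WINDOWS\SYSTEM32 would instead be reported as the expected location, which is the distinction the reply above draws before suggesting an exclusion.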
