Hello, is this about possible false alarms?

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2019.02.15.02
  rootkit: v2019.02.15.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.19129
XXXXXXXXXX :: XXXXXXXXXX [administrator]

15.02.2019 12:46:07
mbar-log-2019-02-15 (12-46-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 204665
Time elapsed: 21 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3214318506-529363610-2749938587-1000\$RVXMEW2.exe (Backdoor.Farfli) -> No action taken. [9c2266c1ab1c90a6bf6c4625ee1508f8]
C:\XXXXXXXXXX\XXXXXXXXXX\Downloads\GDCleanUp.exe (Backdoor.Farfli) -> No action taken. [bb039394c304fd39ba7191daf80bfa06]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

MAM

 


Hello, well, well.

Here are the results from VT, https://www.virustotal.com/#/file/31a7670cd5422b520ac209d1ec4e6741616ca9c559fcb5f1c8bffc29f039e332/detection

In case, with GDCleanUp.exe.

Because, now I have a problem with the result, now regardless of whether this is a false alarm or not. Because Malwarebytes-Antimalware, searches for and recognizes root kits,  too or ???

Then this false positive or actual infection should also be displayed ... ???

So it should be raised by both programs.

Malwarebytes for Root Kits, and Malwarebytes Anti-Malware.
 
MAM

Hello,

Thanks for reporting this. It is a false positive and will be corrected in the next database update. Sorry for the inconvenience.

 

1 hour ago, MAM said:

Because, now I have a problem with the result, now regardless of whether this is a false alarm or not. Because Malwarebytes-Antimalware, searches for and recognizes root kits,  too or ???

Yes, it will pick up rootkits as well if you have "Scan for Rootkits" enabled in Malwarebytes Anti-Malware. It is turned off by default.

 


 

Best regards


14 minutes ago, MAM said:

Hello, here is the file.

The packed file is too big to upload...

Here you can download this file, https://workupload.com/file/3e9kwMnQ

Source was, https://www.gdata.de/clean-up#c127601

here.

MAM

Thank you. I was able to download it. It shouldn't be detected anymore.

Fixed in:

MBAM2 Version: v2019.02.15.08
MBAM3 Version: 1.0.9290


Sorry,

Sorry, both of your programs, including Malwarebytes Anti-Malware, and Malwarebytes Anti Rootkit should come to the same conclusion for rootkit detection, whether it be a malady or a true infection.
Or?
I am now waiting for a correct answer !!!

 
MAM
 
 

On 2/15/2019 at 5:08 PM, MAM said:

Hello, please explain to me why?

I think this problem is solved now. ...?

MAM

Sorry for the delayed response. I am still not quite sure what you are wanting me to explain.

The file you reported as a false positive (GDCleanUp.exe) was indeed a false positive and yes, it was fixed shortly after you reported it in the following database versions:

MBAM2 Version: v2019.02.15.08
MBAM3 Version: 1.0.9290

You will have to update your database to notice the changes on your end.


  • 2 weeks later...

@thisisu hi there.

The file above is still being flagged by Malwarebytes. And there are more false positives!

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/4/19
Scan Time: 5:02 PM
Log File: 37b8cbda-3e86-11e9-b8d6-80c5f246c586.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9532
License: Trial


-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269056
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 1 hr, 5 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532
RiskWare.HeuristicsReservedWordExploit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.HeuristicsReservedWordExploit, C:\USERS\\DOWNLOADS\SVCHOST.EXE, No Action By User, [5734], [293553],1.0.9532

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Edited by Gt-truth