hellothere1

Mbytes detecting itself as trojan?


Hi,

This isn't a file from Malwarebytes, but a file that was intercepted by our rootkit scanner before and that was most probably a forged file, so it's safe to delete that file anyway.


Hi, 

 

I also had this exact detection yesterday. Please see attached report. Upon selecting to quarantine the file and rebooting it was not added to the quarantine list and on a repeat scan would be detected again.

This morning I ran several other anti-malware programmes (ESET, Windows Defender, Housecall, Emsisoft Emergency Kit), all on full scan settings, and all had 0 detections.

I then repeated a scan this afternoon with Malwarebytes Premium with the latest definitions and it had 0 detections.

I was certain this was a false positive of some kind, but now you are suggesting it is related to a rootkit, I am concerned, especially since it is labelled as trojan.selfdelete and it is now no longer detected on my system without any successful action from me.

Could you please explain what the risks are and if I need to do anything?

 

Thanks

MB Report 290620.txt


Hi,

This was a false positive indeed that has been fixed. However, it was safe to delete the file that was detected, as these are the files "collected/copied" by Malwarebytes during a rootkit scan when it sees a "forged" file. Meaning, the contents read through WinAPI differ from the contents read through low-level disk access. This doesn't always mean there's a rootkit present that forged this file, as there might be a lot of other reasons why a file can be seen as forged.

We did have a FP on that typical "forged" file that was collected/copied to the Malwarebytes tmp directory (where it collects these types of files), so that has been fixed in the meanwhile.

But as I said, if that file got deleted from that directory, it's totally fine, as this was just a copy.

So no need to worry at all here. :)

 


Good day everyone,

I have received this message on five different machines at different locations today. In each case the messages received were:

An active Malwarebytes Anti-Malware threat was detected on (machine name) at 2020-06-30 08:03:39Z.  The threat is:

Name: Trojan.SelfDelete

Location: C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

Status: ACTION REQUIRED!

 

Followed by this message:

An active Malwarebytes Anti-Malware threat was detected and an action was automatically taken by the client on (machine name) at 2020-06-30 08:03:43Z.  The threat is:

Name: Trojan.SelfDelete

Location: HKLM\SOFTWARE\CLASSES\TYPELIB\{34AAD71E-0356-470C-94B7-593BE46311BB}

Status: Quarantined

 

Is this the same false positive and is there any action required or recommended here? We are using Malwarebytes version 1.8.02.1012

 


Hi,

Yes, this was the same false positive, so please update your database, so this will no longer be detected.
