ShadowMario3

Malware.AI.4146697236 - VoipRT.dll

This started popping up after updating to Windows 2004 today (made sure to update to latest Malwarebytes that fixed the latest issue). However, it only scans the ones in Windows.old as false positives, not in the regular Windows folder. Don't necessarily need these files, but I find this pretty odd.

False Positive Report 07-24-20.txt

3 minutes ago, ShadowMario3 said:

it only scans the ones in Windows.old as false positives

It is a heuristic detection because it is not in the expected location. Windows.old will delete itself in 10 days anyway.

I am sure it will be corrected to not alarm others when detected.

Quote

Scan Type: Custom Scan

Also, Custom scans are not really needed and are not recommended on a regular basis unless you really believe you are actually infected.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

18 minutes ago, Porthos said:

It is a heuristic detection because it is not in the expected location. Windows.old will delete itself in 10 days anyway.

That makes sense, thank you.

As for the Custom Scan, doing a manual Threat Scan doesn't allow you to scan for Rootkits (scheduling a daily Threat Scan allows this though, have it enabled just in case), which is why I opted for the Custom Scan (I interrupted a daily Threat Scan by restarting the computer).

11 minutes ago, ShadowMario3 said:

As for the Custom Scan, doing a manual Threat Scan doesn't allow you to scan for Rootkits (scheduling a daily Threat Scan allows this though, have it enabled just in case)

It is recommended that rootkit be turned on only where there is an issue removing something with the normal scan. Rootkit is slightly more dangerous as it has to disable some whitelisting to remediate some rootkits.

Maybe once a week if you really want to use rootkit. But honestly we rarely see rootkit files anymore and the newer engine can remove most of them anyways even without rootkit on.

Edited by Porthos


Hello. The same thing happened to me. I'm attaching the results.

I'm not uploading the files because I no longer have them. Windows has deleted them.

Regards. 🙂

resultados.txt
