Possible False Positive(s)


Hello,

 

I had updated my Visual Studio about a week ago.
Malwarebytes ran its own scan today and is reporting the following.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/17/20
Scan Time: 4:50 PM
Log File: 99347db4-e0d3-11ea-9e4b-f0038cd25fe4.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.1003
Update Package Version: 1.0.28633
License: Premium

-System Information-
OS: Windows 10 (Build 19041.450)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 510244
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 47 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Malware.Heuristic.1001, C:\USERS\FRED\APPDATA\LOCAL\TEMP\JWDYXUGB.3PT\VS_INSTALLERSHELL.EXE, No Action By User, 1000001, 0, 1.0.28633, 0000000000000000000003E9, dds, 00856520, B6F517D0D8C20567335849424C9AD03F, 82AB30A0F33B0AB1CE072614CDB6869396FC7A2A12EEC3E7739EA08F54DCE46D
Malware.Heuristic.1001, C:\USERS\FRED\APPDATA\LOCAL\TEMP\UAYNGBAQ.CX1\VS_INSTALLERSHELL.EXE, No Action By User, 1000001, 0, 1.0.28633, 0000000000000000000003E9, dds, 00856520, A353E6AF9EE536100BC9675B0271897A, ECDF0FC42077A136D3BDFBACD8013F6BCB02A87580FABD10B586A6A17D93FE72

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

I am pretty sure these are false positives.

 

Thanks

Fred

 

False-P.zip

2 minutes ago, Grenpara said:

Malwarebytes ran its own scan today and is reporting the following.

It is recommended to keep your VS work folder excluded in the allow list.

 


I've been getting the vs_installershell.exe report, described above, in my overnight scan since August 23rd.

I updated Malwarebytes yesterday but it's still reporting this. Log details appended.

Thanks for your comments.

-Log Details-
Scan Date: 25/08/2020
Scan Time: 03:40
Log File: 45488232-e67c-11ea-99d1-9829a63e4f93.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1025
Update Package Version: 1.0.29007
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 392189
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 1 hr, 4 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Heuristic.1001, C:\USERS\CIARáN Ó DUIBHíN\APPDATA\LOCAL\TEMP\EVURSN4J.XYY\VS_INSTALLERSHELL.EXE, No Action By User, 1000001, 0, 1.0.29007, 0000000000000000000003E9, dds, 00866951, 6037A74A840C5247280BAE7986E7F521, BFA81826A56FB60785C93EC83AAEE29BA427D20D1C426DF51000D58C98A4D81B

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


Thanks for reporting, you will see this fixed in the next 10 minutes. 

We also advise you to turn off the "Use expert system algorithms to identify malicious files". This heuristic is OFF by default and can prevent this from happening again. 

image (1).png


Thank you.  All clear today.

I'm puzzled by your advice to turn off "Use expert system algorithms to identify malicious files".  I have never turned this setting on.  All four of my scan settings are/were exactly as shown in your screenshot.

Many thanks again.


You're welcome. We have found that some people were getting FPs with that setting on. Since yours was off, you can ignore that advice. 🙂
