Jump to content

Possible false positive - Nanocore CCME_ASYM.DLL and CCME_BASE.DLL


Recommended Posts


NanoCore.Backdoor, C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\68AB67CA7DA76301B744CAF070E41400\15.7.20033\CCME_ASYM.DLL, Aucune action de l'utilisateur, 1000002, 0, 1.0.32498, 5FAFCF7D7EC1BB24C69AA8B4, dds, 00971610, 219D56D4B66DAED4169318C45E7792B3, E5CE2FE10F69F82B108B657F3D75D308FBE118FA58E149DE9C142BA954C3E8C0

Aucune action de l'utilisateur, Means you took no action. You need to quarantine them. Vous devez les mettre en quarantaine.

Link to post
Share on other sites

46 minutes ago, DavidJames said:

I need to understand this result to know if I should format my PCs and change all my passwords >_< (NanoCore is a Remote Access Trojan)

if you want to be certain that the system is clean, we do offer free assistance by trained and vetted malware removal specialists.  If you wish they can analyze your system for you and guide you in removing any threats that might be present as well as help to troubleshoot the issues you're experiencing.  To work with them, simply read and follow the instructions in this topic, skipping any steps you are unable to complete, then creating a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you as soon as one is available.

Link to post
Share on other sites

Hey guys. 


I had the same thing after not even using my device since the last full scan. 

Time line as follows:

Full scan using malwarebytes and other scanners, no detections. 

Had to leave without using device after full scans so turned off PC. Event viewer confirmed device not accessed until I returned a few days later. 

Downloaded definition updates, disconnected PC and rescanned everything in full (i do a full scan every 3 or 4 days regardless of usage) 

Now I had these detections like you, though PC remained unused since last full clear scan. No detections on any other AV. 


CLI seemed to confirm false positive above. 


So far no issues with my PC usage, though would be nice to hear more from Malwarebytes team. 

Link to post
Share on other sites

Thank you for a very quick answer that it was a false threat of trojan.

In the weekend I made a couple of scans and later on it found that there was another two files in quarantine from the Brother printer. 
I put the printscreen of the all files which I have in my quaranteen to check and to be sure it wasn't a malware threat. 

Could you check it once again and let me know?  

False Positive1.jpg

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.