Tengil

Rogue.AntiVirus


It had to happen sooner or later; Mbam has turned on itself:

Malwarebytes' Anti-Malware 1.41
Database version: 2934
Windows 5.1.2600 Service Pack 3

2009-10-10 07:00:10
mbam-log-2009-10-10 (07-00-04).txt

Scan type: Quick Scan
Objects scanned: 111873
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Lavasoft Ad-Aware SE Professional (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Logs (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\RogueRemover FREE (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Symantec Client Security (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Lavasoft Ad-Aware SE Professional\Ad-Aware SE Manual.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Lavasoft Ad-Aware SE Professional\Ad-Aware SE Professional.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Lavasoft Ad-Aware SE Professional\Ad-Watch SE Professional.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Lavasoft Ad-Aware SE Professional\Uninstall Ad-Aware SE Professional.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Malwarebytes' Anti-Malware Help.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Malwarebytes' Anti-Malware.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Uninstall Malwarebytes' Anti-Malware.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Logs\Desktop.ini (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Logs\target.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\RogueRemover FREE\Help.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\RogueRemover FREE\RogueRemover FREE.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\RogueRemover FREE\Uninstall RogueRemover FREE.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Symantec Client Security\Symantec AntiVirus.lnk (Rogue.AntiVirus) -> No action taken. [3742513051807286701534798574557483868413010649514840513446520661347985748774838684]


The "Antivirus" rogue in fact creates a "Start Menu\Programs\Antivirus" subfolder, see here, so this can't be considered a "full" false positive.

A quick solution would be to rename that folder to something else, say "Start Menu\Programs\Security".


The quick solution works, thanks.

It seems a bit weak to identify malware just by a Start Menu folder name, especially one as generic as "Antivirus".

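The point made above, that all 19 hits in the first post stem from one folder name, is easy to check mechanically. The following is an added triage helper, not code from the thread or from Malwarebytes: it parses the `path (Threat) -> action. [id]` line format of the MBAM 1.x log quoted above, groups hits by threat name and reports the single directory they all share, which is what an analyst looks at before deciding whether a detection is path-based. The embedded log is a constructed, shortened copy of the post's format with placeholder ids and one invented Trojan.Agent line added to show a hit outside the Start Menu folder.

```python
import re
from collections import defaultdict

# Detection line format used by Malwarebytes' Anti-Malware 1.x logs (as quoted in the post):
#   <path> (<threat>) -> <action>. [<id>]
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\. \[(?P<id>\d+)\]$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Constructed sample in the same layout as the log above: ids are placeholders and the
# Trojan.Agent line is invented so that one threat does NOT sit under the Start Menu folder.
SAMPLE_LOG = r"""
Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus (Rogue.AntiVirus) -> No action taken. [1001]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam (Rogue.AntiVirus) -> No action taken. [1001]

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Mbam\Malwarebytes' Anti-Malware.lnk (Rogue.AntiVirus) -> No action taken. [1001]
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\Symantec Client Security\Symantec AntiVirus.lnk (Rogue.AntiVirus) -> No action taken. [1001]
C:\WINDOWS\system32\evil.exe (Trojan.Agent) -> Quarantined and deleted successfully. [2002]
"""

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the 'X Infected:' section it came from."""
    section, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            hits.append({"section": section, **m.groupdict()})
    return hits

def common_root(paths):
    """Longest directory prefix shared by all paths (component-wise, case-insensitive)."""
    parts = [p.split("\\") for p in paths]
    root = parts[0]
    for other in parts[1:]:
        n = 0
        while n < min(len(root), len(other)) and root[n].lower() == other[n].lower():
            n += 1
        root = root[:n]
    return "\\".join(root)

def triage(text):
    """Group hits by threat name; report the hit count and the one directory they all share."""
    by_threat = defaultdict(list)
    for hit in parse_mbam_log(text):
        path = hit["path"]
        if hit["section"] == "Files Infected":      # use the file's parent directory
            path = path.rsplit("\\", 1)[0]
        by_threat[hit["threat"]].append(path)
    return {t: {"count": len(p), "root": common_root(p)} for t, p in by_threat.items()}

if __name__ == "__main__":
    for threat, info in triage(SAMPLE_LOG).items():
        print(f"{threat}: {info['count']} hit(s), all under {info['root']}")
```

A threat whose every hit collapses to one Start Menu directory, as Rogue.AntiVirus does here, is the pattern to double-check against the folder's actual contents before deleting anything.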

Well, if you were indeed to have that Start Menu folder as either part or remnant of a Rogue.Antivirus infection, you would definitely be happy to see MBAM remove it.

It may or may not be possible for the MBAM development team to further fine-tune that detection, but as I'm not part of the team, I can't really comment.
