
MSBUILD.DLL - Spyware RedLineStealer or FalsePositive?


Simbax


I've had this file on my computer for a while now. I regularly do manual scans with Malwarebytes (also with Avira and Windows Defender) and hadn't had any notification about any kind of malware until today.

Now, after starting my regular manual scan today, I saw that Malwarebytes found something. It marked the file "Msbuild.dll" as "Spyware.RedLineStealer" and I got worried. After checking the location of the file (while the scan was still running), I thought about submitting it to VirusTotal and Intezer Analyze, and neither of them marked the file as malware or malicious (I checked the file twice on each site). I wasn't sure what to do, so I thought maybe somebody from the staff could help me and figure out if this is a false positive or something to be afraid of.

As of right now, the file is in quarantine.  

In the attachment is the txt-file of the resulting scan.

 

Note: After doing some long research on the internet, I've found out that the "mono" folder (which contains the dll file) and two other folders ("system" and "system64") are most likely leftovers from the uninstallation of a Unity game called "SCP - Secret Laboratory". The game itself was downloaded from Steam and is quite popular, so I am not sure why this file got flagged anyway, since the past scans didn't show anything wrong with it. But since I take any kind of flagged file seriously, I still wanted to ask the staff if this is a false positive or not (I wanted to delete these 3 folders anyway but forgot about it).

Another note: All 3 of these folders are located on my D:/ drive. 

scan-result.txt


  • Staff

The file was detected by a recently added rule that was picking up non-malicious files, so it was removed as a result. We checked the file and it wasn't malicious and, like you said, when run through VirusTotal, none of the other vendors detected it. If you are concerned about the file, it is in quarantine and you can delete it.
