tedus987 Posted March 19, 2022 ID:1507750 Share Posted March 19, 2022 so i noticed Mbam report a file, it suggests an AMD file is a trojan in the file store. most likely an FP Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 19/03/2022 Scan Time: 15:18 Log File: d31263ca-a797-11ec-b204-00ff36ec70ee.json -Software Information- Version: 4.5.6.180 Components Version: 1.0.1634 Update Package Version: 1.0.52580 Licence: Free -System Information- OS: Windows 10 (Build 19044.1586) CPU: x64 File System: NTFS User: Sarahs-Gaming-Rig\sarah -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 899296 Threats Detected: 1 Threats Quarantined: 0 Time Elapsed: 4 hr, 50 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 Trojan.StolenCert, C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\PRNMS002.INF_AMD64_C3BD6686769EE10C\AMD64\FXSRES.DLL, No Action By User, 7504, 1035139, 0.0.0, , ame, , 95F6F0D21ECDABB1DDB503B3BDC38CA8, 8A9552C227FBA50B7C196E16EA5D01E0357E17F3AFEFD65EC3AF1C0C6CD9FEFA Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) false positive results.txt false positive.zip Link to post Share on other sites More sharing options...
Staff shadowwar Posted March 19, 2022 Staff ID:1507759 Share Posted March 19, 2022 Can you attach the mbamservice.log located in: C:\ProgramData\Malwarebytes\MBAMService\logs This should of not been detected with the def that its reported in the log. The def looks for a stolen nvidia certificate and this isn't a nvidia file. The file is whitelisted cloud wise but may not work with rootkit mode on. Scanning in rootkit mode does eliminate some whitelisting. It should only be used if there is an infection that we cant remove from normal scan mode. Link to post Share on other sites More sharing options...
tedus987 Posted March 20, 2022 Author ID:1507766 Share Posted March 20, 2022 done MBAMSERVICE.LOG Link to post Share on other sites More sharing options...
Staff shadowwar Posted March 20, 2022 Staff ID:1507801 Share Posted March 20, 2022 Can you run a scan again exactly like before. We want to see if its detected again or a 1 time fluke. Link to post Share on other sites More sharing options...
tedus987 Posted March 20, 2022 Author ID:1507806 Share Posted March 20, 2022 I can do that, will let you know the results. Link to post Share on other sites More sharing options...
tedus987 Posted March 20, 2022 Author ID:1507822 Share Posted March 20, 2022 Scan completed, it didn't detect anything. Link to post Share on other sites More sharing options...
Staff shadowwar Posted March 20, 2022 Staff ID:1507850 Share Posted March 20, 2022 Ok keep us posted if it happens again. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now