
False Positive on OpenOffice Updater?


skaw847


Hi,

Got a Threat Detection this morning after booting up. MBAM quarantined the folder 'OpenOffice Updater', which seems to be empty, at least after removing it from quarantine and taking a look!? Have to admit it's odd that this folder is next to the regular 'OpenOffice' folder inside /AppData and not inside it?!

Still a false positive?

 

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 18.11.22
Scan-Zeit: 09:51
Protokolldatei: 262238b0-671e-11ed-9e9e-2c4d54d41ce3.json

-Softwaredaten-
Version: 4.5.17.221
Komponentenversion: 1.0.1806
Version des Aktualisierungspakets: 1.0.62452
Lizenz: Premium

-Systemdaten-
Betriebssystem: Windows 10 (Build 19044.2251)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 339187
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 5 Min., 23 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.FakeOpenOffice, C:\USERS\SKAW\APPDATA\ROAMING\OPENOFFICE UPDATER, In Quarantäne, 1400, 1100251, 1.0.62452, , ame, , , 

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)

 


  • Staff

Hi,

This isn't a false positive. OpenOffice doesn't install this folder. This one is often installed as part of an adware bundle. The reason why this folder might be empty is that the adware file inside got deleted already. We only added detection for this folder recently, that's why you suddenly get this detection :)
