Jump to content
Sign in to follow this  
Prm753

Two new FP

Recommended Posts

Logfile:

Malwarebytes' Anti-Malware Version 0.72

Database version: 200

This logfile was saved before the removal process.

Scan type: Quick Scan

Objects scanned: 16368

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\PhotoShow.scr (Backdoor.Bot) -> No action taken.

C:\Documents and Settings\Paul\explorer.wav (Heuristics.Reserved.Word.Exploit) -> No action taken.

---

explorer.wav was 0 bytes. Not sure what that's doing on my PC, but it's an FP.

PhotoShow.scr is a small file that comes with the "SimpleStar" software that you get when you develop film at drugstore like a Walgreens or a CVS.

Thanks! :angry:

Share this post


Link to post
Share on other sites

Both are heuristic hits .

The first is to keep files from being named reserved words (common malware tactic) . It is a good thing that your file got nabbed because that indicated that this heuristic method is working .

The other is a common malware name and location . It was a lack of research on the part of SimpleStar that led them to choosing this name or an intentional use of a known good file name .

Could you zip and upload the second file for me (PhotoShow.scr) ? I need to check to see what it has for version information .

We will be adding an extra piece to the heuristics that skips these hits if their is legit version info , that will allow me to keep this def while missing your file .

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.