
zamguard64.sys / Zam_guard



I have seen a thread on this tagged on the false positives page, but what is this? Where does it come from, and how is it ending up on users' devices? I have never downloaded/installed/used the anti-virus software "Zemana" or any other anti-virus software besides Malwarebytes and Windows Defender.

One of the mods on this forum believes this driver exploit is being added to one of these other anti-virus software which grants access to disable Malwarebytes. This is false, and a conspiracy theory. I have never used any other anti-virus software in my life. Somehow these 2 threats showed up on my device at the same time. One was in sys32 and the other was in the registry. They show no signs of where they came from, or what software they came with. Please help me, as I'm not sure this is a false positive.


25 minutes ago, Sbird86 said:

I have seen a thread on this tagged on the false positives page

Let Malwarebytes remove it. Then,

Please do the following so that we may take a closer look at your system for any possible infections.

WARNING: Do Not click the Repair System under Advanced unless requested by a Malwarebytes support agent or authorized helper

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

     

Thank you

Edited by Porthos

I installed Malwarefox 2 years ago, I just went through system folders to see if there was something I forgot. Apparently Malwarefox teamed up with Zamguard, but I don't know how recently. Is it possible these old files came from Malwarefox?


Furthermore, if Malwarebytes would just add the date of the infected file in the info, it would probably resolve millions of headaches a year. I'm finding tons of threads all over the internet with people trying to figure out what this is, where it came from, and what to do about it. I would be able to identify where this came from if Malwarebytes would LOG the file information so that users know when this suspected file was installed.


For instance, if the date matched the install date of MalwareFox, I would rest assured Malwarebytes is finding a file associated with an old install. However, because Malwarebytes does not show the install date of the flagged file, I have no idea if it's a coincidence, and was something installed on my system recently. If I restore the quarantined file it's just going to show up as a new file with today's date, so that doesn't help. Very frustrating.


  • Root Admin

I'm sorry but we don't do forensic analysis of computers. If you truly have to know then I would suggest you contact a local security company that specializes in forensic computer analysis.

The vast majority of users are not willing to pay hundreds of dollars or more to have to know. Most simply want assistance removing which we do for free.

If you want help cleaning the computer please post the logs. If you have to KNOW where or how something got there then please hire a security company to assist.

Thank you

 

Edited by AdvancedSetup
Updated information

8 hours ago, AdvancedSetup said:

I'm sorry but we don't do forensic analysis of computers. If you truly have to know then I would suggest you contact a local security company that specializes in forensic computer analysis.

The vast majority of users are not willing to pay hundreds of dollars or more to have to know. Most simply want assistance removing which we do for free.

If you want help cleaning the computer please post the logs. If you have to KNOW where or how something got there then please hire a security company to assist.

Thank you

 

I'm not talking about rocket science here. When Malwarebytes has the opportunity to quarantine a file, there's data baked into the file that wouldn't require a forensic expert for analysis. Something as simple as date created on the suspected file/folder would probably resolve countless headaches. I'm simply recommending a feature from the perspective of a user.


  • Root Admin
22 hours ago, Sbird86 said:

One was in sys32 and the other was in the registry. They show no signs of where they came from , or what software they came with.

That is not what you originally asked for. The log that quarantined should have the name, date, and file details for it.

 


  • Root Admin

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

[Screenshot: image.png]

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

[Screenshot: image.png]

 

If you click on the View option you should get something similar to the following with other options available.

 

[Screenshot: image.png]

 

 

 

 


I'm not asking for the date it was quarantined. I'm asking for the date the file was created. You said this would require forensic analysis, and I'm telling you I wouldn't need a forensics expert if I knew what day the file was created. I don't care what day it was quarantined, I obviously know that since I quarantined it.


For instance, in the false positives thread, a user mentions that these are legacy drivers from old software. I know that I installed software from the company in question years ago, but I also know I uninstalled it years ago. If the file in question is only a month old, then I know I have a problem. If the file in question was created years ago, then I know exactly where I got it from and don't need to worry about it. Once the file is quarantined, I have no way to find out when the file was created. <~ this is what I'm talking about. Malwarebytes should at least keep record of things like this to save people from worrying about unknowns.


This topic is now closed to further replies.
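
Added example, not part of the thread and not Malwarebytes code: a PowerShell function that records a flagged driver file's creation and last-write times, SHA-256, Authenticode signer and, optionally, its service key while the file is still in place, and compares the creation time with a known install date, which is the check the original poster describes. The path, service name, reference date and the 7-day window are caller-supplied assumptions; file timestamps are metadata that software can change, so they are one data point rather than proof.

```powershell
# Added example: capture provenance of a flagged driver BEFORE it is quarantined.
# All inputs are supplied by the caller; nothing here is taken from a vendor tool.
function Get-DriverProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # full path of the flagged .sys file
        [string]   $ServiceName,                 # driver service name, if known
        [datetime] $ReferenceInstallDate,        # e.g. date an old product was installed
        [int]      $WindowDays = 7               # assumed tolerance for "same install"
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    $result = [ordered]@{
        Path             = $file.FullName
        CreationTimeUtc  = $file.CreationTimeUtc
        LastWriteTimeUtc = $file.LastWriteTimeUtc
        SHA256           = $hash.Hash
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }

    if ($ServiceName) {
        # Kernel drivers are registered as services under this key.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
        $svc = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $result.ServiceKeyPresent = [bool]$svc
        $result.ServiceImagePath  = if ($svc) { $svc.ImagePath } else { $null }
    }

    if ($PSBoundParameters.ContainsKey('ReferenceInstallDate')) {
        # Positive = file created after the reference date, negative = before it.
        $delta = ($file.CreationTimeUtc - $ReferenceInstallDate.ToUniversalTime()).TotalDays
        $result.DaysFromReference = [math]::Round($delta, 1)
        $result.NearReference     = [math]::Abs($delta) -le $WindowDays
    }

    [pscustomobject]$result
}

# Placeholder usage; substitute the real path, service name and date:
# Get-DriverProvenance -Path '<path to flagged .sys>' -ServiceName '<service name>' `
#     -ReferenceInstallDate '<install date>' | Format-List
```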