Malware.AI.2996531189 Infection or a False Positive


RRamdeo

Hello,

Last month I posted a thread concerning a malware detection that ended up being classified as a false positive.

Name: "Malware.AI.2996531189" from file "C:\SWSETUP\DRV\NETWORK\RALINK\RALINKBT\9.2.10.4\SRC\X86\BLUESO~1.CAB".

That infected file was created on and last modified on 7/30/2012.

As mentioned in the linked previous topic, this computer is over a decade old and is mostly used for some slight tasks like for printing and editing word files. The computer wasn't used since the last "infection" so I'm assuming this is another false positive, but I thought I would post here again for any feedback.

The file in question has not been quarantined yet since after checking it, I think it deals with the WIFI bluetooth component of the computer. I will quarantine it if told to do so. Also, I'm just wondering if this computer being over a decade old could be triggering these false positives, if this is indeed another one, and if I would be better off replacing the computer and removing it.

In any case, thank you in advance for any help.

Have A Great Day. 

4 hours ago, RRamdeo said:

Name: "Malware.AI.2996531189" from file "C:\SWSETUP\DRV\NETWORK\RALINK\RALINKBT\9.2.10.4\SRC\X86\BLUESO~1.CAB".

Please post the detection log for this detection.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location


RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged


If you click on the View option you should get something similar to the following with other options available.

Thank you

Hello,

Thank you for the reply. I attached the Detection log to this post. I also ended up putting the infected file into quarantine to generate the log. After doing so, I rescanned and everything came up clean. But any advice on how to proceed to see if this is a serious infection would be much appreciated.

Thank you for your time. Have a great day.

Malwarebytes Detection Log for RRamdeo.txt

Hello,

Thank you for the response. It's comforting to see that nothing flagged the file as malicious. I will restore the file and rescan now and update on the results. Any idea on why it would be flagged as positive though? And, moving forward, should I not do custom scans and just stick with the regular threat scan unless something is flagged as positive?

Thanks again for all the help.

On 9/21/2023 at 8:21 PM, RRamdeo said:

"Malware.AI.2996531189"

It was an "Ai" detection. It walked like a duck and so on. Malwarebytes Ai temporarily thought it really was a duck so it "caged" it. Because the AI is learning it figured out it was a goose and stopped "calling" it a duck.

Ok, enough of Mother Goose for me. Thought that was a wild goose chase of a story? I'm here all week.

Edited by Porthos
Hello,

Thanks again for the reply. I'm not sure I completely get the duck and goose thing, but I think I get the overall idea.

So, when I scanned again after restoring the file from quarantine, the scan picked it up again. I attached the Detection log file. So, is this just a false positive that I should just leave in quarantine, or is there anything else that I should do before classifying it as a false positive? Any further advice is appreciated.

Thanks for all of the help. It's greatly appreciated.

Malwarebytes Detection Log for RRamdeo Sept 23, 2023.txt

  • Staff

Hello,

Thanks for the log. I'm not seeing a detection on my machine. It has likely been fixed already.
Please check that you have the latest databases. Should be on Update Package Version: 1.0.75575 or newer.
You can see this from Settings >> about.

If it is still detected ...

Can I get another log from you please?

You'll probably need to show hidden files/folders first. (how-to if you need it: https://support.microsoft.com/en-us/windows/view-hidden-files-and-folders-in-windows-97fbc472-c603-9d90-91d0-1166d1d9f4b5)

Go here:

C:\ProgramData\Malwarebytes\MBAMService\ScanResults

Grab the newest scan log (it'll probably be around 4kb). Zip it and attach to your next reply.

Thanks!
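
The log-collection steps from the staff reply above, as an added PowerShell example that is not part of the original thread and is not Malwarebytes' own tooling. The folder path is the one given in the post; the output file name and Desktop location are assumptions, and reading the folder may require an elevated prompt.

```powershell
# Added example: find the newest Malwarebytes scan result and zip it for upload.
# $scanDir is the path quoted in the thread; $zipPath is a hypothetical output name.
$scanDir = 'C:\ProgramData\Malwarebytes\MBAMService\ScanResults'
$zipPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'mb-newest-scan.zip'

if (-not (Test-Path -LiteralPath $scanDir -PathType Container)) {
    throw "Scan results folder not found: $scanDir"
}

# -Force lists hidden and system items too, so the Explorer
# "show hidden files" setting does not affect what is found here.
$newest = Get-ChildItem -LiteralPath $scanDir -File -Force |
    Sort-Object -Property LastWriteTime -Descending |
    Select-Object -First 1

if (-not $newest) {
    throw "No scan logs found in $scanDir. Run a scan first."
}

# Show which file was picked so its timestamp can be matched to the scan just run.
$sizeKB = [math]::Round($newest.Length / 1KB, 1)
Write-Output ("Newest log: {0}  ({1} KB, written {2})" -f `
    $newest.Name, $sizeKB, $newest.LastWriteTime)

# -Force overwrites a zip left over from an earlier run.
Compress-Archive -LiteralPath $newest.FullName -DestinationPath $zipPath -Force
Write-Output "Zipped to $zipPath"
```
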

Hello,

So after updating and rescanning, nothing came up. I scanned the file individually and also nothing came up. 

So I am assuming the file was a false positive after all. If that is the case, thank you for all of the help. 

If there is anything else I need to do please let me know. I didn't attach any scan logs since nothing was detected.

Thank you again for all of the help.
