Got a random detection today from an MBAM automatic scan that suggests infection by a random trojan with the FakeMBAM tag.

Ran multiple quick scans with every anti-virus and anti-malware solution I could think of:

  • MBAM
  • Sophos Scan and Clean
  • HitmanPro
  • NPE
  • Adwcleaner
  • Roguekiller
  • KVRT

All came back clean. Is it safe to assume it's some kind of false positive?

 

Malwarebytes detection history itself lists the detection as 

Trojan.FakeMBAM.Silent STRING-NOT-ADDED C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\MBCUT.DLL-K.MBAM

Trojan.FakeMBAM.Silent, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\MBCUT.DLL-K.MBAM, Delete-on-Reboot, 12247, 1240213, 0.0.0, , ame, , 0834E8D45B5AA240DD92F7FD34DE0ECE, 84D7060E2B23608B9ECBE2046F1BD3F05E24F7FBBFB38AE40A724318020592C6

Malwarebytes Scan Report 2024-04-19 210909.txt


2 minutes ago, SSG_Kitami said:

Got a random detection today from an MBAM automatic scan that suggests infection by a random trojan with the FakeMBAM tag.

Quote

Rootkits: Enabled

Given you had rootkit scanning enabled, that might be the reason since this reads usermode with kernelmode version and when a file is in use at the time, it might see a difference here. This doesn't mean it's a rootkit though. This might just happen when the file is in use. Sometimes this also gives unpredictable results as that engine works slightly differently. This is exactly why rootkit scanning is disabled by default when you install Malwarebytes. Also because our current engines are powerful enough already to deal with rootkits even when rootkit scanning is disabled.

 

Rootkit scanning is not enabled by default. You may want to disable that unless you think you have a rootkit infection.

Rootkit scanning is really aggressive and does ignore some whitelisting which can result in false positives. 
If you decide to keep rootkit scanning on, just be aware of the possibility of false positives.

 


I have exactly the same problem this evening. I have quarantined and deleted this many times this evening but each time I reboot and rescan, it is picked up again.

Yesterday's scan came back completely clean, it was only when I scanned this evening on booting up my pc for the first time that this trojan was detected. 


Same problem here. Went to file location, but there was nothing there.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/19/24
Scan Time: 9:04 PM
Log File: 55073c4a-feba-11ee-8998-00acc654d498.json

-Software Information-
Version: 4.6.11.320
Components Version: 1.0.2302
Update Package Version: 1.0.83639
License: Free

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: Shizuka\Andrew

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 216970
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 34 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.FakeMBAM.Silent, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\UIPLUGIN.ELXR-17_TEST-B.X64.DLL-K.MBAM, No Action By User, 12247, 1240213, 0.0.0, , ame, , ,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
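
An added example, not written by any poster in this thread or by Malwarebytes: it parses the text report layout shown above and labels detections that sit in the scanner's own tmp directory while rootkit scanning is enabled, the combination the replies describe. The `OWN_TMP` path comes from the thread; the function names, the labels and the second sample detection are assumptions.

```python
import re
from ntpath import commonpath, normcase, normpath  # Windows path rules on any OS

# Assumption: the scanner's own working directory, taken from the paths in this thread.
OWN_TMP = r"C:\ProgramData\Malwarebytes\MBAMService\tmp"

# Constructed sample in the report layout posted above; the second detection is made up.
SAMPLE = r"""-Scan Options-
Rootkits: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

File: 2
Trojan.FakeMBAM.Silent, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\TMP\MBCUT.DLL-K.MBAM, No Action By User, 12247, 1240213, 0.0.0, , ame, , ,
Constructed.Example, C:\USERS\PUBLIC\SAMPLE.EXE, No Action By User, 1, 1, 0.0.0, , ame, , ,
"""

def parse_report(text):
    """Return (scan_options, detections) from a text scan report."""
    options, detections, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            section = header.group(1)
        elif section == "Scan Options" and ": " in line:
            key, value = line.split(": ", 1)
            options[key] = value
        elif section == "Scan Details" and line.count(",") >= 2:
            # Limitation: a path that itself contains a comma would be split here.
            name, path, action = (f.strip() for f in line.split(",")[:3])
            detections.append({"name": name, "path": path, "action": action})
    return options, detections

def in_own_tmp(path):
    """True if path lies inside OWN_TMP (case-insensitive, '..' resolved)."""
    p, base = normcase(normpath(path)), normcase(normpath(OWN_TMP))
    try:
        return commonpath([p, base]) == base
    except ValueError:  # different drive, or relative path
        return False

def triage(text):
    """Label detections; a label is a follow-up hint, not a verdict on the file."""
    options, detections = parse_report(text)
    rootkit_scan = options.get("Rootkits") == "Enabled"
    return [(d["name"], "RECHECK_ROOTKIT_SCAN_OFF"
             if rootkit_scan and in_own_tmp(d["path"]) else "INVESTIGATE")
            for d in detections]
```

A `RECHECK_ROOTKIT_SCAN_OFF` label only means the detection fits the pattern in the replies above and is worth re-scanning with rootkit scanning disabled; everything else stays `INVESTIGATE`.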
