
False positive system.dll file detection?



Hello and greetings, currently running an offline scan with Windows Defender atm as I type this. I was doing a random scan and it mentions system.dll was detected. Out of confusion, I did just update Malwarebytes. I will try to scan with a few more processes here in a few, but I wanted to see if this was a new thing popping up or mentioned from anyone else here. Thank you.

 

Danny


3 minutes ago, DVDguy said:

but malwarebytes is the only one noticing it.

You need to turn off rootkit scanning.

https://www.virustotal.com/gui/file/b6598384c5ace05924dfa987b9b47777b64d121a023aa2eee65a96781c01a8c1?nocache=1

Given you had rootkit scanning enabled, that might be the reason since this reads user mode with kernel-mode version and when a file is in use at the time, it might see a difference here. This doesn't mean it's a rootkit though. This might just happen when the file is in use. Sometimes this also gives unpredictable results as that engine works slightly differently. This is exactly why rootkit scanning is disabled by default when you install Malwarebytes. Also, our current engines are powerful enough already to deal with rootkits even when rootkit scanning is disabled.

Rootkit scanning is not enabled by default. You may want to disable that unless you think you have a rootkit infection.

Rootkit scanning is really aggressive and does ignore some whitelisting which can result in false positives. 
If you decide to keep rootkit scanning on, just be aware of the possibility of false positives.

  • Like 1

4 minutes ago, Porthos said:

You need to turn off rootkit scanning.

https://www.virustotal.com/gui/file/b6598384c5ace05924dfa987b9b47777b64d121a023aa2eee65a96781c01a8c1?nocache=1

Given you had rootkit scanning enabled, that might be the reason since this reads user mode with kernel-mode version and when a file is in use at the time, it might see a difference here. This doesn't mean it's a rootkit though. This might just happen when the file is in use. Sometimes this also gives unpredictable results as that engine works slightly differently. This is exactly why rootkit scanning is disabled by default when you install Malwarebytes. Also, our current engines are powerful enough already to deal with rootkits even when rootkit scanning is disabled.

Rootkit scanning is not enabled by default. You may want to disable that unless you think you have a rootkit infection.

 

Rootkit scanning is really aggressive and does ignore some whitelisting which can result in false positives. 
If you decide to keep rootkit scanning on, just be aware of the possibility of false positives.

 

Ok, so nothing to really worry about? I installed the Dr.Web trial for now to see if it notices anything going on as well.


  • Staff

Hello,

It is an odd place for that file and not a common location for it at all. Probably from extracting an installer to the root of your system drive.
Usually it lives in whatever %programfiles% directories that use it, in randomish named temp directories when the installer is run and contents extracted, and buried in several Assembly directories if they require specific versions of that dll. So there will be multiple versions all over the system. Just rarely ever in root of system drive.
If you know what put it there then you can have MBAM ignore it. It is a super old rule detecting it by path.

Not malicious in itself, so nothing to worry about.

  • Like 1
  • Thanks 1
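
Added example (not part of the original thread and not Malwarebytes tooling): a PowerShell inventory of every `System.dll` on the system drive, showing which copy sits in the drive root and how its hash, version info and signature compare with the copies in the usual locations described above. The comparison hash is the SHA-256 from the VirusTotal link posted earlier in the thread; the report field names are made up for this example.

```powershell
# Added example: inventory every copy of System.dll on the system drive so a
# path-based detection can be judged against where the other copies live.
# Run from an elevated PowerShell prompt; unreadable folders are skipped.

$root = $env:SystemDrive + '\'

# SHA-256 taken from the VirusTotal link posted earlier in this thread.
$threadHash = 'b6598384c5ace05924dfa987b9b47777b64d121a023aa2eee65a96781c01a8c1'

$copies = Get-ChildItem -Path $root -Filter 'System.dll' -File -Recurse -Force `
    -ErrorAction SilentlyContinue

$report = foreach ($file in $copies) {
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 `
        -ErrorAction SilentlyContinue).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName `
        -ErrorAction SilentlyContinue
    $signer = if ($sig -and $sig.SignerCertificate) {
        $sig.SignerCertificate.Subject
    } else { '' }

    # Field names below are hypothetical, chosen for this example only.
    [pscustomobject]@{
        Path        = $file.FullName
        InDriveRoot = ($file.DirectoryName -eq $root)   # the unusual location
        SizeKB      = [math]::Round($file.Length / 1KB, 1)
        LastWrite   = $file.LastWriteTime
        Product     = $file.VersionInfo.ProductName
        FileVersion = $file.VersionInfo.FileVersion
        SigStatus   = if ($sig) { $sig.Status } else { 'Unreadable' }
        Signer      = $signer
        Sha256      = $hash
        MatchesLink = ($hash -and $hash.ToLower() -eq $threadHash)
    }
}

# Drive-root copies first, then identical files grouped together by hash.
$report |
    Sort-Object -Property @{ Expression = 'InDriveRoot'; Descending = $true }, Sha256 |
    Format-List
```

A drive-root copy whose hash also appears under a Program Files or installer temp folder is consistent with a leftover from an extracted installer.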

Sorry for the crude snapshot. I noticed an older program I used, MSI Afterburner, was giving me a warning, so I removed it, then this popped up scanning with Dr.Web doing an offline scan.


I swapped to FanControl as MSI Afterburner over time began to fizzle out a bit, but forgot to uninstall it anyway. Uninstalling MSI Afterburner caused this to happen?

Sorry, my anxiety is highly up at the moment.


4 minutes ago, DVDguy said:

Sorry, my anxiety is highly up at the moment.

You need to take a breath and stop scanning with every program you can get your hands on.

You are going to make things worse for both your computer and your mental health.

  • Like 1

4 minutes ago, Porthos said:

You need to take a breath and stop scanning with every program you can get your hands on.

You are going to make things worse both for your computer and your mental health.

Sorry, is this file considered malware? I am learning about a lot of this more recently. The file date is 2/16/2015, and is around 103kb.


Just now, Porthos said:

Probably not considering the software it is related to.

Ok, thank you and sorry again. I will try to do a clean update of Windows, and call it a day. I noticed my C drive was losing more space over time, I wanted to try to figure out why suddenly it was edging closer to 6.16 out of 111GB. Then this rabbit hole. Haha. I usually have a routine of updating my software.


16 minutes ago, DVDguy said:

I wanted to try to figure out why suddenly it was edging closer to 6.16 out of 111GB.

111 gigs is usually close to what a 120 gig formats to. That is small for running Windows.

 


Looks like my Windows borked. :( I am in tears atm from all of this, sorry again for all of this drama from me. All of my hard work into what I do is now possibly done, it tells me a "grub" error as I boot up into the drive. This was a donation from my brother. He used to use Linux, and for me to see this error means Windows 10 Pro borked.


1 hour ago, Porthos said:

You need to take a breath and stop scanning with every program you can get your hands on.

You are going to make things worse for both your computer and your mental health.

I am sorry you have more issues now. I did warn you.

Do you have another computer you could build a Windows USB with?


2 minutes ago, Porthos said:

I am sorry you have more issues now. I did warn you.

Do you have another computer you could build a Windows USB with?

Currently installing it atm on this flash drive with my laptop. Windows 10, I cannot remember if I needed a serial key to activate it with this or not.


13 minutes ago, DVDguy said:

Looks like it won't recover anything from the drive, so I might have to do a fresh install in this instance. Sadly.

There are ways to use a Linux boot disk but I do not know your skill level.
