Autorun Eater Component False Positive


testing456

Malwarebytes is falsely detecting an Autorun Eater component as a trojan. The file is 'billy.exe'.

Autorun Eater is legitimate security software by Old McDonald's Farm.

Below is part of the log file:

Malwarebytes' Anti-Malware 1.41

Versione del database: 2775

26/11/2009 13.46.27

mbam-log-2009-11-26 (13-46-27).txt

Tipo di scansione: Scansione completa (C:\|D:\|H:\|N:\|)

Elementi scansionati: 190625

Tempo trascorso: 31 minute(s), 40 second(s)

Processi delle memoria infetti: 1

Moduli della memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 4

Elementi dato del registro infetti: 0

Cartelle infette: 0

File infetti: 4

Processi delle memoria infetti:

C:\Programmi\Autorun Eater\billy.exe (Trojan.Autorun) -> Unloaded process successfully.

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

(Nessun elemento malevolo rilevato)

Valori di registro infetti:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:

(Nessun elemento malevolo rilevato)

I've attached the file in this post.


  • Staff

Hi,

This one was already fixed more than a month ago.

So please update your database since you are around 500 updates behind. Then verify if this is fixed. :(

The other detections:

Valori di registro infetti:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Those are no false positives.


Oh, I'll update and see if it still happens. Thank you!
