Jump to content

Faststone Capture and Viewer

Recommended Posts

False Positives - Please correct - Faststone products are well regarded and in wide use.

Malwarebytes' Anti-Malware 1.41

Database version: 3262

Windows 6.1.7600

30/11/2009 18:31:52

mbam-log-2009-11-30 (18-31-45).txt

Scan type: Full Scan (C:\|W:\|X:\|Y:\|Z:\|)

Objects scanned: 169114

Time elapsed: 24 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\faststone capture (Trojan.Dropper) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\faststone image viewer (Trojan.Dropper) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\FastStone Capture\FSMousePlugin.exe (Trojan.Buzus) -> No action taken.

C:\Program Files\FastStone Capture\uninst.exe (Trojan.Dropper) -> No action taken.

C:\Program Files\FastStone Image Viewer\uninst.exe (Trojan.Dropper) -> No action taken.

Y:\Apps\Faststone\FSCaptureSetup65.exe (Trojan.Dropper) -> No action taken.

Z:\Apps\Faststone\FSCaptureSetup65.exe (Trojan.Dropper) -> No action taken.

Z:\Apps\Faststone\FSViewerSetup40.exe (Trojan.Dropper) -> No action taken.


Share this post

Link to post
Share on other sites

3263 <- make sure you have these defs before you scan , I may have fixed this already while fixing something else .

Share this post

Link to post
Share on other sites
Please try again now .

Clear now. Can I ask why it was being detected in the first place? It's all very well me knowing that FastStone is legit software, but even legit software and legit sites can be hacked, so there's always a chance that what we are convinced should be safe has been compromised. That's what we need to rely on from a tool like MWB. Not lecturing on the subject, just concerned as to why this FP occurred - it has occurred before on the same software I believe...

Share this post

Link to post
Share on other sites

Check PM for details .

In short this was a heuristic hit based on "looking" like other known malware , not a targeted attack against their software .

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.