Jump to content

False Positive


Recommended Posts

Hi. After updating to the new version of the definitions file, I got two hits. My other A/V programs don't detect anything, nor did MBAM when I ran it using an old (literally) definitions file (from 2/27) immediately before I updated.

alwarebytes' Anti-Malware 1.44

Database version: 3816

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/2/2010 6:06:40 PM

mbam-log-2010-03-02 (18-06-36).txt

Scan type: Quick Scan

Objects scanned: 144746

Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.PWS) -> Data: c:\windows\system32\userinit.exe -> No action taken. [8018CF85CA708FD8814F60F6DD8D1B8E]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.PWS) -> Data: system32\userinit.exe -> No action taken. [8018CF85CA708FD8814F60F6DD8D1B8E]

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Should I go ahead and delete these items, or just ignore them?

Link to post
Share on other sites

I don't see an edit button, so....

I sort of misspoke above. Immediately before updating the definitions file and re-running the scan, I ran a scan using a definitions file that was about three days old. I do that before I update to try to weed out f/p's.

Link to post
Share on other sites

Yes. And then run a quick scan using the most recent definitions. That scan should come up clean.

I finally was able to complete the forum registration process so that I could report that I had the same false positive and that when I rescanned using 3817, the problem was gone--I had to register again using a different userid/forumid and email address because I never received the registration confirmation email for my first registration and there is no way to contact any forum admins if you haven't been able to complete the registration process.

To any forum admin reading this post, it would be really helpful if there were a link to the forum on the malwarebytes.org home page because I actually found the forum via a browser search--while I had looked at the "contact us" page a number of months ago, I don't remember seeing the support forum link but, I might have missed it. It would be easier if there were a "support forum" link on the homepage for those of us who can't see beyond the end of our noses...'-}}



Link to post
Share on other sites

On the Malwarebytes homepage, under Contact Us, there's a link to the forum.

Yes...as I noted in my post, I found that after I'd found the forum via a browser search. I still think it would be more helpful to have the link to the forum on the homepage...but as a friend of mine used to say...wtfdik...'-}}



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.