Jump to content
Sign in to follow this  
Kahai

asyncmac.sys

Recommended Posts

I am pretty sure this is a false positive, checked file creation and modification date and it was the same as 80% of the other files in the drivers folder.

I didn't want to accidentally delete anything critical, so I thought it'd be safer just to get a few second opinions. Details are as follows.

Malwarebytes' Anti-Malware 1.44

Database version: 3818

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

4/03/2010 12:34:41 AM

mbam-log-2010-03-04 (00-34-40).txt

Scan type: Quick Scan

Objects scanned: 133749

Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac (Trojan.MultipleAV) -> Not selected for removal.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\asyncmac.sys (Trojan.MultipleAV) -> Not selected for removal.

Share this post


Link to post
Share on other sites

I too am wondering about this result. I'm running the same OS with the same newly updated set of MBAM definitions, and a quick scan this morning revealed the exact same two suspect pieces of malware. My guess is a false positive, but I'd like to be sure.

Share this post


Link to post
Share on other sites

I've now also run a developer's log, which follows:

Malwarebytes' Anti-Malware 1.44

Database version: 3818

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

3/3/2010 9:13:09 AM

mbam-log-2010-03-03 (09-11-57).txt

Scan type: Quick Scan

Objects scanned: 128912

Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac (Trojan.MultipleAV) -> No action taken. [9998C03AD133F02315B1FF170B94C117]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\asyncmac.sys (Trojan.MultipleAV) -> No action taken. [9998C03AD133F02315B1FF170B94C117]

Share this post


Link to post
Share on other sites

Thanks very much! I'm glad to know it's a false positive. However, I thought I'd mention that when I tried to tell MBAM to ignore it (when it produced its first Quick Scan results), it told me I had to select an item, even though both items were already checked. I finally just exited from MBAM, even though it claimed a scan was still in progress. This seems rather strange.

Share this post


Link to post
Share on other sites

Hello B)

In order to have the scanner ignore a detected item you must click on it once to highlight it, then click the Ignore Selected button. You'll need to do this for each item you wish to ignore or I believe you can also use CTRL+the left mouse button to select more than one at a time. Once that's done, click Remove Selected (even if the detection window is empty) and you will be notified that there are no items left to remove. You may then click on the Main Menu button B).

edit: the CTRL key does not work for selecting multiples, they must be selected individually (just checked).

Share this post


Link to post
Share on other sites

Thanks very much for this helpful information. If I recall correctly, I wasn't able to highlight more than one at a time with CTL [oops, I just noticed that you changed your message], and I didn't realize that I could deal with each item individually. I'll keep this in mind for the future.

If there are no items left, is it really necessary to click on Remove Selected?

Share this post


Link to post
Share on other sites

No, it's not really necessary, but if you don't, you get a message informing you that you're in the middle of a scan, which can be a bit confusing for some B). Either way, it really makes no difference B).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.