Kahai Posted March 3, 2010 ID:208962

I am pretty sure this is a false positive, checked file creation and modification date and it was the same as 80% of the other files in the drivers folder.

I didn't want to accidentally delete anything critical, so I thought it'd be safer just to get a few second opinions. Details are as follows.

Malwarebytes' Anti-Malware 1.44
Database version: 3818
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/03/2010 12:34:41 AM
mbam-log-2010-03-04 (00-34-40).txt

Scan type: Quick Scan
Objects scanned: 133749
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac (Trojan.MultipleAV) -> Not selected for removal.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\asyncmac.sys (Trojan.MultipleAV) -> Not selected for removal.

whatmeworry? Posted March 3, 2010 ID:208974

I too am wondering about this result. I'm running the same OS with the same newly updated set of MBAM definitions, and a quick scan this morning revealed the exact same two suspect pieces of malware. My guess is a false positive, but I'd like to be sure.

whatmeworry? Posted March 3, 2010 ID:208984

I've now also run a developer's log, which follows:

Malwarebytes' Anti-Malware 1.44
Database version: 3818
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/3/2010 9:13:09 AM
mbam-log-2010-03-03 (09-11-57).txt

Scan type: Quick Scan
Objects scanned: 128912
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asyncmac (Trojan.MultipleAV) -> No action taken. [9998C03AD133F02315B1FF170B94C117]

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\asyncmac.sys (Trojan.MultipleAV) -> No action taken. [9998C03AD133F02315B1FF170B94C117]

Staff S!Ri Posted March 3, 2010 ID:208987

Hello

fixed in a moment, thank you

Regards

whatmeworry? Posted March 3, 2010 ID:208992

Thanks very much! I'm glad to know it's a false positive. However, I thought I'd mention that when I tried to tell MBAM to ignore it (when it produced its first Quick Scan results), it told me I had to select an item, even though both items were already checked. I finally just exited from MBAM, even though it claimed a scan was still in progress. This seems rather strange.

exile360 Posted March 4, 2010 ID:209305

Hello B)

In order to have the scanner ignore a detected item you must click on it once to highlight it, then click the Ignore Selected button. You'll need to do this for each item you wish to ignore or I believe you can also use CTRL+the left mouse button to select more than one at a time. Once that's done, click Remove Selected (even if the detection window is empty) and you will be notified that there are no items left to remove. You may then click on the Main Menu button B).

edit: the CTRL key does not work for selecting multiples, they must be selected individually (just checked).

whatmeworry? Posted March 4, 2010 ID:209307

Thanks very much for this helpful information. If I recall correctly, I wasn't able to highlight more than one at a time with CTL [oops, I just noticed that you changed your message], and I didn't realize that I could deal with each item individually. I'll keep this in mind for the future. If there are no items left, is it really necessary to click on Remove Selected?

exile360 Posted March 4, 2010 ID:209325

No, it's not really necessary, but if you don't, you get a message informing you that you're in the middle of a scan, which can be a bit confusing for some B). Either way, it really makes no difference B).

whatmeworry? Posted March 4, 2010 ID:209500

Ah, so that's how to get rid of the perplexing "You're in the middle of a scan" message! Many thanks yet again!