False positive or not


That is the path to msconfig, what OS do you have?

@Marcin, I have NV of this as well so if that missed we need to get it fixed.

FYI, I started seeing malware divert the real msconfig to a malware one yesterday.


  • 8 months later...

Hi :D

I've run into the same problem as shown in the original post. Like Metroid, I'm also using Windows Vista Home Premium. A quick scan in developer mode resulted in the following:

Malwarebytes' Anti-Malware 1.33

Database version: 1723

Windows 6.0.6001 Service Pack 1

4/02/2009 11:38:51 AM

mbam-log-2009-02-04 (11-38-44).txt

Scan type: Quick Scan

Objects scanned: 54429

Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msconfig.exe (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301362761567479698088846184908485707820196


The problem began to occur upon downloading database version 1723. Here's hoping it's just a false positive :D

If any other files or logs are required, please let me know. I'm not the most computer literate person in the world but I'll do my best hehe

Thank you in advance!


Like mine for Windows Vista x64

Original file location should be c:\windows\regedit.exe but in Windows Vista x64 I am not completely sure


Malwarebytes' Anti-Malware 1.33
Database version: 1723
Windows 6.0.6001 Service Pack 1

2/4/2009 2:02:00 AM
mbam-log-2009-02-04 (02-02-00).txt

Scan type: Quick Scan
Objects scanned: 39576
Time elapsed: 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully. [385753513430538380756679153472707985130136276156747969808884618490848570782019618370727069748515708970]

I started the file => opens Registry Editor only?

I deleted the file => I can still access Start => Run => regedit :D

The file was restored from the quarantine... =>

VirusTotal (0/39%)

MBAM is really aggressive :)



There shouldn't be any executable files in this folder. Unless you have decided to store this file here yourself I see no way that it can be legit.


MBAM is aggressive against executables in odd locations and that is the case here. If you had named that folder installers or applications this FP would be avoided.

Add this to your ignore list to avoid future detections


Best regards,

B-boy :D
