Metriod

False positive or not


C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

That is the path to msconfig. What OS do you have?

@Marcin, I have NV of this as well, so if that missed, we need to get it fixed.

FYI, I started seeing malware divert the real msconfig to a malware one yesterday.


Hi :D

I've run into the same problem as shown in the original post. Like Metroid, I'm also using Windows Vista Home Premium. A quick scan in developer mode resulted in the following:

Malwarebytes' Anti-Malware 1.33

Database version: 1723

Windows 6.0.6001 Service Pack 1

4/02/2009 11:38:51 AM

mbam-log-2009-02-04 (11-38-44).txt

Scan type: Quick Scan

Objects scanned: 54429

Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\msconfig.exe (Trojan.Agent) -> No action taken. [38575351343053838075667915347270798513013627615674796980888461849084857078201961788468807971747215708970]

The problem began to occur upon downloading database version 1723. Here's hoping it's just a false positive :D

If any other files or logs are required, please let me know. I'm not the most computer literate person in the world but I'll do my best hehe

Thank you in advance!

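As an added example (not part of any post in this thread and not Malwarebytes code), a small Python parser for the log layout quoted above, of the kind useful when collecting false-positive reports by database version. The sample log is constructed, its bracketed value is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.33 logs
# quoted in this thread; the bracketed value is a placeholder, not a real id.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.33
Database version: 1723
Windows 6.0.6001 Service Pack 1
Scan type: Quick Scan
Objects scanned: 54429
Memory Processes Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\msconfig.exe (Trojan.Agent) -> No action taken. [PLACEHOLDER]
"""

DB = re.compile(r"^Database version: (\d+)$")
SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<object> (<threat name>) -> <action> [<id>]"; the id may be cut off by a line wrap.
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>[^\[]+?)\s*(?:\[.*)?$")

def parse_mbam_log(text):
    """Return database version, per-section summary counts and listed detections."""
    report = {"database": None, "counts": {}, "detections": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DB.match(line):
            report["database"] = int(m.group(1))
        elif m := SUMMARY.match(line):
            report["counts"][m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]          # start of a detail section
        elif section and (m := ITEM.match(line)):
            report["detections"].append({"section": section, "path": m["path"],
                                         "name": m["name"], "action": m["action"]})
    return report

def count_mismatches(report):
    """Sections whose summary count differs from the items actually listed
    (a sign the pasted log was truncated or edited): {section: (stated, listed)}."""
    listed = {}
    for d in report["detections"]:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return {s: (n, listed.get(s, 0))
            for s, n in report["counts"].items() if n != listed.get(s, 0)}
```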

Like mine for Windows Vista x64

Original file location should be c:\windows\regedit.exe but in Windows Vista x64 I am not completely sure.


Malwarebytes' Anti-Malware 1.33
Database version: 1723
Windows 6.0.6001 Service Pack 1

2/4/2009 2:02:00 AM
mbam-log-2009-02-04 (02-02-00).txt

Scan type: Quick Scan
Objects scanned: 39576
Time elapsed: 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully. [385753513430538380756679153472707985130136276156747969808884618490848570782019618370727069748515708970]

I started the file => it opens Registry Editor only?

I deleted the file => I can still access Start => Run => regedit :D

The file was restored from the quarantine... =>

VirusTotal (0/39%)

MBAM is really aggressive :)


There shouldn't be any executable files in this folder. Unless you have decided to store this file here yourself, I see no way that it can be legit.

http://www.malwarebytes.org/forums/index.p...&hl=decided

MBAM is aggressive against executables in odd locations, and that is the case here. If you had named that folder installers or applications, this FP would be avoided.

Add this to your ignore list to avoid future detections:

http://www.malwarebytes.org/forums/index.php?showtopic=9018

Best regards,

B-boy :D


Thank you for your help B-Boy :D

I'm just going to leave it alone and not take any action. At least I can freak out a little less now :D
