
Are these false positives?


Slify

Today is my first time with Malwarebytes and it detected 57 files, some of them I can believe are malicious, but others not so much.

Some of the files that stood out were:

C:\WINDOWS\system32\gtv_sd.bin (Malware.Trace)

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace)

C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware)

C:\WINDOWS\system32\vxddsk.exe (Fake.Dropped.Malware)

C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware)

C:\WINDOWS\system32\wml.exe (Fake.Dropped.Malware)

C:\WINDOWS\bjam.dll (Fake.Dropped.Malware)

C:\WINDOWS\cookies.ini (Malware.Trace)

C:\WINDOWS\default.htm (Trojan.Agent)

C:\WINDOWS\didduid.ini (Fake.Dropped.Malware)

C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware)

C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware)

C:\WINDOWS\vxddsk.exe (Fake.Dropped.Malware)

C:\WINDOWS\wml.exe (Fake.Dropped.Malware)

and there were registry keys such as

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

and there were about 15 with numbers that look like it, though two of them were labeled as (Rogue.DriveCleaner) and (Trojan.Vundo).

They look just like what's been said not to be malicious in this post http://forums.malwarebytes.org/index.php?s...amp;#entry19864

I rebooted my computer and I got a blue-screen-esque message that said it was dumping some of those files (I didn't really catch it since it happened quickly).

Is it normal to get these on the first scan? Should I delete them?


  • Staff

The block you posted is typical of a fake malware scanner dropping fake files that it then detects as malware.

Malwarebytes cleans up these traces in most cases.

Without a full scan log this is the end of the assistance we can offer.


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4105

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

5/16/2010 6:53:04 AM

mbam-log-2010-05-16 (06-53-04).txt

Scan type: Quick scan

Objects scanned: 142262

Time elapsed: 11 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 27

Registry Values Infected: 4

Registry Data Items Infected: 2

Folders Infected: 2

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01cd0b31-9154-45f2-9414-f5d64b74eaf6} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

C:\Documents and Settings\kelly ipod\Application Data\searchtoolbarcorp (Trojan.Agent) -> No action taken.

C:\Documents and Settings\kelly ipod\Application Data\searchtoolbarcorp\Toolbar Vision (Trojan.Agent) -> No action taken.

Files Infected:

C:\Documents and Settings\kelly ipod\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt (Trojan.Agent) -> No action taken.

C:\Documents and Settings\kelly ipod\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt (Trojan.Agent) -> No action taken.

C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.

C:\WINDOWS\system32\gtv_sd.bin (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\vxddsk.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\system32\wml.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.

C:\WINDOWS\default.htm (Trojan.Agent) -> No action taken.

C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\vxddsk.exe (Fake.Dropped.Malware) -> No action taken.

C:\WINDOWS\wml.exe (Fake.Dropped.Malware) -> No action taken.
