Visual Studio VSHOST.EXE


halflife3

Hi, sorry for my bad English!

I think that file is detected as a false positive. It is found in C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\ and Malwarebytes recognizes it as Trojan.Agent, not only this file, but in all projects of Visual Studio 2008!

With database 4052 the program does not recognize these files as Trojan.Agent!

Please check the file!

Thank you!

vshost.zip


Andy, your attached file is not detected, please post a developer's log:

http://forums.malwarebytes.org/index.php?showtopic=3228

Hello nosirrah,

Couple of problems with this request:

  • Followed the instructions and got the message "MBAM is already running"
  • Closed MBAM down and tried again, and still got the same message
  • Even if I get it to run as suggested, I can't "do the same scan as I did before" because I wasn't doing a scan when I got the warning about the Visual Studio file - it was a warning at startup

Please can you advise what I need to do next? In the meantime, I've tried re-zipping the offending file (a different way) and reattaching it. I seem to be having issues with WinRAR at the moment. Upload facility says (again) "Upload successful and is available from the 'Manage Current Attachments' menu".

ControlsDictionary.vshost.zip


It has nothing to do with how you are zipping or attaching the file, it is simply not an executable file to begin with and as a result can't even be detected on my end.

I didn't say it was an executable file, and I don't see what difference that would make? It's just a file to be zipped up and sent. I've looked and what it actually is is a file called "ControlsDictionary.vshost.exe.config". The config "extension" is being hidden since it is a known file type, and the MBAM message is quoting the residual name verbatim. Why on Earth anyone who isn't up to no good would choose to name a file with a double extension to make it look like something it isn't is beyond me. But it's something that MS appear to be quite fond of with the advent of .NET.

Are you saying that any attachment that is not an exe just gets filtered out, on grounds that it can't be a "proper" false positive?

How do you advise me to proceed with trying to get a developer's log?
