Jump to content

False Positive of Trojan.Chifrax


Schmed
 Share

Recommended Posts

My daily quick scan has been reporting a false Trojan.Chifrax detection in a temp directory. Running mbam.exe /developer does not produce the same result. There is no setup.exe file in the directory where the trojan is allegedly detected. I have zipped up both log files and a printout of the directory's contents at the time of detection so that you can see what's going on.

The basics:

Win7 Pro

3 GB RAM

2 hard drives : C:\ = 80GB; D:\ = 300GB

Malwarebytes 1.46; database version 4140

Please let me know what else you need. I'd like to keep running MBAM but if I keep getting false positives, I'll need to find something more reliable.

TrojanChifrax.zip

Link to post
Share on other sites

Getting same problem.

Installed malwarebytes 3 days ago to investigate a about:blank spyware.

Upon reboot malwarebytes detects a trojan.chifrax in c:\windows\temp\setup.exe on startup of PC and deletes it.

Interestingly enough, when I reboot and quickly go to Explorer, the setup.exe is there and it's deleted (presumably by malwarebytes), so, it does exist.

I suppose I should try and copy it and then check it with another spyware/adware program to see if it's really a problem, or it's a false positive and setup.exe is being created by something else on startup.

I'm suspicious that it's indeed the trojan since I still have the about:blank and have not solved this problem yet, so something is playing havoc with my PC

Link to post
Share on other sites

If one of you , please zip and attach the file actually being detected to your next post , we cant do much without that .

That's the whole problem: there IS no file! :welcome: In my case, it says "setup.exe". When I go to my directory that has the alleged infection, I find no such file (see the listing in my ZIP file). That's why the title of this thread is FALSE POSITIVE.

Link to post
Share on other sites

  • Staff
That's the whole problem: there IS no file! :welcome: In my case, it says "setup.exe". When I go to my directory that has the alleged infection, I find no such file (see the listing in my ZIP file). That's why the title of this thread is FALSE POSITIVE.

Actually, I think this makes it a false\negative.

Please disable the SuperFecth service, reboot and update Malwarebytes and see if this returns.

Link to post
Share on other sites

Actually, I think this makes it a false\negative.

Please disable the SuperFecth service, reboot and update Malwarebytes and see if this returns.

I ran an update a couple of days ago and it has not recurred. Thanks for your advice!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.