Cookiegal Posted June 22, 2010 ID:272275 Share Posted June 22, 2010 I have a user who ran MBAM and the file C:\WINDOWS\system32\ENCAPI32.DLL was detected as Trojan.Tracur and quarantined. There were no registry entries detected that normally accompany the "bad" encapi32.dll file unless perhaps she ran something that may have deleted them before but not the file itself. She states that she doesn't and never did have MS Encarta on her computer (as I understand the legit file belongs to that program).The problem is that she deleted the file from quarantine already so we don't have access to it. Would a developer's log still be helpful in this case? If so, then I will get one. Please advise.I see another user has posted here about the same possibility but posted in an older thread:http://forums.malwarebytes.org/index.php?showtopic=11180Here's a link to my thread at TSG:http://forums.techguy.org/virus-other-malw...tml#post7456477And a copy of the MBAM log:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4214Windows 5.1.2600 Service Pack 2Internet Explorer 6.0.2900.21806/19/2010 1:09:14 AMmbam-log-2010-06-19 (01-09-14).txtScan type: Quick scanObjects scanned: 138579Time elapsed: 9 minute(s), 1 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\ENCAPI32.DLL (Trojan.Tracur) -> Quarantined and deleted successfully. Link to post Share on other sites More sharing options...
Staff nosirrah Posted June 22, 2010 Staff ID:272317 Share Posted June 22, 2010 I think I can fix this without any additional info. Link to post Share on other sites More sharing options...
Cookiegal Posted June 22, 2010 Author ID:272336 Share Posted June 22, 2010 I think I can fix this without any additional info.So I understand that this is indeed a false positive even if the user doesn't have MS Encarta?If so, do you know what other application might install this file legitimately? I'm not finding much on it other than Encarta or the malicious version.Thanks for your assistance. I really appreciate it. Link to post Share on other sites More sharing options...
Staff nosirrah Posted June 22, 2010 Staff ID:272424 Share Posted June 22, 2010 It seems that some of these are indeed malware but the next update should eliminate the FPs. Link to post Share on other sites More sharing options...
Cookiegal Posted June 22, 2010 Author ID:272452 Share Posted June 22, 2010 It seems that some of these are indeed malware but the next update should eliminate the FPs.Thanks Bruce. I really wish she hadn't deleted the file. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now