False Positive sm56co85.txt (Extension.Mismatch)


lmacri
I updated my database to version 4257 today (29-June-2010) and a subsequent quick scan with MBAM detected an infected file at C:\Windows\System32\sm56co85.txt (Extension.Mismatch). I'm not certain, but just based on the name of the file, I believe this is a valid file installed as part of my Motorola SM56 speakerphone modem software (v. 6.12.25.06). I haven't updated my modem software since 24-Nov-2009 so this file has likely been on my laptop for several months and was just recently detected as a false positive by a recent MBAM database version.

A quick scan run yesterday (28-June-2010) with database version 4233 did not detect this file as infected. I own a registered version of MBAM but do not have MBAM realtime protection enabled because I already have Norton Internet Security 2010 running on my laptop.

After I quarantined C:\Windows\System32\sm56co85.txt, I ran a full scan of my hard drives with MBAM (database version 4257) and there were no other infections on my laptop. My dial-up connection still works so it doesn't appear that removing this file caused any harm.

The scan log (run in developer's mode) is posted below. A .rar file containing the suspicious sm56co85.txt file is attached.

________________

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4257

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

29/06/2010 7:27:07 PM

mbam-log-2010-06-29 (19-27-07).txt

Scan type: Quick scan

Objects scanned: 136687

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\sm56co85.txt (Extension.Mismatch) -> No action taken. [DD659E4D49829416087834C2A4C4B213]

sm56co85.rar

  • 1 month later...

Just following up to my original post. Has anyone from Malwarebytes' investigated if the sm56co85.txt file I submitted is a legitimate threat?

I searched the Symantec and McAfee sites and couldn't find sm56co85.txt listed as a known threat. When I googled "sm56co85.txt", the three sites listed below indicate that sm56co85.txt may be a legitimate file that is required of the Motorola SM56 modem software, but the majority of sites indicated that this file can also contain dangerous code that could hijack your system.

http://www.instantspywareremoval.com/error...56co85.txt.html

http://www.bestregistryscanner.net/exe-err...6co85.txt-error

http://www.bestregistrycare.com/dll-errors/sm56co85.txt.html

  • Staff

The reason MBAM detects this file as extension mismatch is it's an executable file (exe or dll) but with a .txt extension. This file is ok and can be safely added to your ignore list. Unfortunately this is a very poor practice on the part of Motorola as most malware does this in an effort to try to hide their files. This is most likely a leftover temporary file from the install.

shadowwar:

I have the following four sm56*.* files in my C:\Windows\System32\DriverStore\FileRepository\smserial.inf_e085855c\x86\ folder:

- sm56.dll (192KB, version 1.0.0.1, created 04-Apr-2007, Motorola Inc., Common specific Vista functions for SM56 Helper)

- sm56.reg (309 KB, version unknown, created 12-Mar-2009, Registration Entries)

- sm56co85.dll (504 KB, version 6.12.25.6, created 26-Oct-2009, Motorola Inc., SM56 Modem co-installer)

- sm56hlpr.exe (1.39 MB, version 6.12.25.6, created 26-Oct-2009, Motorola Inc., SM56 Modem Helper)

I followed your suggestion and temporarily renamed the suspect sm56co85.txt file in the C:\Windows\System32\ folder to sm56co85.txt.exe. I was then able to view the complete file properties (504 KB, version 6.12.25.6, created 26-Oct-2009, Motorola Inc., SM56 Modem co-installer), which confirms your theory that this sm56co85.txt file is likely a copy of my sm56co85.dll library.

I checked my Windows Update history, and my last Motorola SM56 Modem update (version 6.12.25.6) was delivered on 24-Nov-2009. This update failed the first time I attempted the installation (I received 4 other large Windows updates that same day and suspect that I was prompted to re-start my machine before the modem software installation was complete) so it's possible that the sm56co85.txt file was left behind when some old/temp files were not cleaned up properly.

Thanks for your help.
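The check discussed in this thread, as an added example that is not part of the original posts and is not Malwarebytes' detection logic: instead of renaming the file to inspect it, read its header to see whether it is a PE image (exe or dll) under a non-executable extension, then compare its hash with the known vendor copy. The function names, the extension list, the use of SHA-256 and the sample bytes are assumptions made for illustration.

```python
import hashlib
import struct
from pathlib import PureWindowsPath

PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl"}  # assumed list
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a DLL

def pe_kind(data: bytes):
    """Return 'dll' or 'exe' if data starts with a valid PE header, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics is the last 2 bytes of the 20-byte COFF header.
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"

def extension_mismatch(path: str, data: bytes) -> bool:
    """True when the content is a PE image but the name lacks a PE extension."""
    suffix = PureWindowsPath(path).suffix.lower()
    return pe_kind(data) is not None and suffix not in PE_EXTENSIONS

def triage(flagged_path: str, flagged: bytes, reference: bytes) -> str:
    """Classify a flagged file against a known-good reference copy."""
    if not extension_mismatch(flagged_path, flagged):
        return "no mismatch"
    if hashlib.sha256(flagged).digest() == hashlib.sha256(reference).digest():
        return "mismatch: identical to reference"
    return "mismatch: differs from reference"

def make_sample_pe(dll: bool) -> bytes:
    """Constructed sample: DOS stub plus PE/COFF header only, not a real binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    flags = 0x2002 if dll else 0x0002
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff

if __name__ == "__main__":
    dll = make_sample_pe(dll=True)  # stands in for sm56co85.dll
    print(triage(r"C:\Windows\System32\sm56co85.txt", dll, dll))
```

On a real system the two byte strings would come from reading the flagged file and the copy in the DriverStore folder; an identical hash supports the leftover-installer explanation, while a differing hash means the file needs further analysis before it is added to an ignore list.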