False Positive - wouldn't quarantine - INSTALL


ShyWriter

I was working with the new OPERA 10.60 build 3445 and installed it to try it out. I went to a page and it said I needed to install Adobe FLASH PLAYER. During the Adobe install, MBAM Pro EXEC Protection popped up with this:

I hit QUARANTINE and proceeded.. Flash installed.

I was asked to submit this as a possible FP *but* when I went to quarantine to zip it for upload, it wasn't there. I ran a quick scan - nothing.. I then checked the PROTECTION-LOG for today. The results follow and the problem is highlighted in RED.

00:27:06 Steve MESSAGE Scheduled update executed successfully

00:27:08 Steve MESSAGE IP Protection stopped

00:27:09 Steve MESSAGE Scheduled scan executed successfully

00:27:19 Steve MESSAGE Database updated successfully

00:27:21 Steve MESSAGE IP Protection started successfully

10:09:24 Steve MESSAGE Protection started successfully

10:09:29 Steve MESSAGE IP Protection started successfully

11:27:04 Steve MESSAGE Scheduled update executed successfully

11:27:05 Steve MESSAGE IP Protection stopped

11:27:08 Steve MESSAGE Scheduled scan executed successfully

11:27:10 Steve MESSAGE Database updated successfully

11:27:11 Steve MESSAGE IP Protection started successfully

12:44:48 Steve IP-BLOCK 69.162.79.76

14:27:05 Steve MESSAGE Scheduled update executed successfully

14:27:05 Steve MESSAGE IP Protection stopped

14:27:08 Steve MESSAGE Scheduled scan executed successfully

14:27:14 Steve MESSAGE Database updated successfully

14:27:15 Steve MESSAGE IP Protection started successfully

16:19:42 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.exe Trojan.Agent QUARANTINE

16:19:43 Steve ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:19:44 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent QUARANTINE

16:19:45 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.exe Trojan.Agent DENY

16:19:45 Steve ERROR Quarantine failed: UtilityReadFile failed with error code 2

16:19:45 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent DENY

16:19:45 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.exe Trojan.Agent DENY

16:19:45 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent DENY

16:19:47 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent DENY

16:19:50 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent DENY

16:19:50 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent DENY

17:04:25 Steve IP-BLOCK 75.126.200.196

17:04:34 Steve IP-BLOCK 75.126.200.196

17:05:23 Steve IP-BLOCK 213.174.140.113

17:05:23 Steve IP-BLOCK 213.174.140.113

:)

~Shy

PS: Should I attempt to locate the NON-quarantined file on my HD and zip it?

17:50 NEVERMIND: that filename doesn't exist any longer.. I don't have a clue; YES; my system is set to show hidden and system files in the file manager.

Edited by ShyWriter
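
An added example (not part of the original post, and not Malwarebytes code) showing how a protection log like the one above can be triaged to list detections whose quarantine did not complete. Assumptions: each line is `time user TYPE details` as in the excerpt, each "Quarantine failed" error belongs to the oldest unanswered QUARANTINE detection, and the error code is a Win32 code, where 2 is ERROR_FILE_NOT_FOUND.

```python
import re
from collections import Counter, deque

# Excerpt of the protection log quoted in the post above.
SAMPLE_LOG = r"""
14:27:15 Steve MESSAGE IP Protection started successfully
16:19:42 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.exe Trojan.Agent QUARANTINE
16:19:43 Steve ERROR Quarantine failed: UtilityReadFile failed with error code 2
16:19:44 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent QUARANTINE
16:19:45 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.exe Trojan.Agent DENY
16:19:45 Steve ERROR Quarantine failed: UtilityReadFile failed with error code 2
16:19:45 Steve DETECTION C:\Users\Steve\AppData\Local\Temp\Opr71A.tmp.com Trojan.Agent DENY
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+(DETECTION|ERROR|MESSAGE|IP-BLOCK)\s*(.*)$")
QFAIL = re.compile(r"Quarantine failed: .*error code (\d+)")
# Assumption: the logged code is a Win32 system error code.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}

def triage(log_text):
    """Return (failed quarantines, quarantines with no error logged, DENY counts)."""
    pending = deque()   # QUARANTINE detections not yet matched to an error
    failed = []
    denies = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, _user, kind, rest = m.groups()
        if kind == "DETECTION":
            # Split from the right so paths containing spaces stay intact.
            path, threat, action = rest.rsplit(None, 2)
            if action == "QUARANTINE":
                pending.append((when, path, threat))
            elif action == "DENY":
                denies[path] += 1
        elif kind == "ERROR":
            err = QFAIL.search(rest)
            if err and pending:
                # Assumption: errors are logged in the order of the attempts.
                det_time, path, threat = pending.popleft()
                code = int(err.group(1))
                failed.append({"detected": det_time, "path": path, "threat": threat,
                               "error": code, "meaning": WIN32.get(code, "unknown")})
    return failed, [p[1] for p in pending], denies

if __name__ == "__main__":
    failed, unanswered, denies = triage(SAMPLE_LOG)
    for f in failed:
        print(f"{f['detected']} NOT quarantined: {f['path']} ({f['meaning']}), "
              f"later DENY events: {denies[f['path']]}")
```
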

I am running a FULL scan with MBAM /developer mode and off to cook supper. If MBAM doesn't pop again I'm going to assume it was a ghost Opera install piece left over that went by way of black magic. Will edit this with results of scan when it finishes. And I'll ZIP the developer mode log and attach if anything is found.

Thanks for your patience.

~Shy


Nothing found - no pops:

This scan was initiated from the command line in developer mode. I saw no indication of any specially named "developer" log. Is there one??

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4265

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

7/1/2010 8:00:30 PM

mbam-log-2010-07-01 (20-00-30).txt

Scan type: Full scan (C:\|)

Objects scanned: 370884

Time elapsed: 1 hour(s), 45 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thanks again for your help; and patience.

~Shy
