ky331

wdfmgr.exe detected as trojan.agent by dbf ver 1068

Malwarebytes' Anti-Malware 1.25

Database version: 1068

Windows 5.1.2600 Service Pack 3

9:38:53 PM 8/18/2008

mbam-log-08-18-2008 (21-38-49).txt

Scan type: Quick Scan

Objects scanned: 46409

Time elapsed: 3 minute(s), 25 second(s)

Registry Keys Infected: 4

Files Infected: 1

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umwdf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\umwdf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\umwdf (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\umwdf (Trojan.Agent) -> No action taken.

Files Infected:

C:\WINDOWS\system32\wdfmgr.exe (Trojan.Agent) -> No action taken.

--------------------------------------------------------------------

wdfmgr.exe = [Microsoft] Windows User Mode Driver Manager

umwdf = enables Windows user-mode drivers (Windows User Mode Driver Framework)


developer mode log:

Malwarebytes' Anti-Malware 1.25

Database version: 1068

Windows 5.1.2600 Service Pack 3

7:11:50 PM 8/18/2008

mbam-log-08-18-2008 (19-11-43).txt

Scan type: Quick Scan

Objects scanned: 42363

Time elapsed: 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wdfmgr.exe (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301362761564247374856526184908485707820196188697178728315708970]


Same for me, but I took action and deleted on system restart as instructed. Was it the wrong thing to do? Will this cause issues with Media Player for me?

Maybe I should do a system restore.... I'm confused ;) Please help!

Malwarebytes' Anti-Malware 1.25

Database version: 1068

Windows 5.1.2600 Service Pack 3

9:26:38 PM 8/18/2008

mbam-log-08-18-2008 (21-26-38).txt

Scan type: Quick Scan

Objects scanned: 45843

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umwdf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\umwdf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\umwdf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\umwdf (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\wdfmgr.exe (Trojan.Agent) -> Delete on reboot.


Just FYI:

I learned of this FP just after 10 PM locally, over in the Dell forum, and confirmed it on my PC. I laid a bet at 10:26 at Dell that it would be fixed by midnight. There were no takers, and you beat my prediction by an hour - an outstanding response time!

I learned of this FP just after 10 PM locally, over in the Dell forum, and confirmed it on my PC. I laid a bet at 10:26 at Dell that it would be fixed by midnight. There were no takers, and you beat my prediction by an hour - an outstanding response time!

Let's not get too carried away with praise for fixing a mistake quickly. It is still a mistake.

Sure, they happen, but FPs cause a lot of users a lot of problems... like Brad here:

Same for me, but I took action and deleted on system restart as instructed. Was it the wrong thing to do? Will this cause issues with Media Player for me?

Maybe I should do a system restore.... I'm confused ;) Please help!

What was he told to do?

That's the real story on a thread about a false positive. Not pats on the back for the guys who fix their own issues.

Let's not get too carried away with praise for fixing a mistake quickly. It is still a mistake.

Sure, they happen, but FPs cause a lot of users a lot of problems... like Brad here

What was he told to do?

That's the real story on a thread about a false positive. Not pats on the back for the guys who fix their own issues.

mynorgeek:

False positives are a reality for any on-demand anti-malware scanner. My point was that MBAM consistently fixes them faster than any other anti-malware I have used or tested, bar none. And I have tested many.

Now if MBAM has a higher rate of false positives than the competition, your argument might hold some weight. I have seen no evidence of this. Have you?

Let's not get too carried away with praise for fixing a mistake quickly. It is still a mistake.

Sure, they happen, but FPs cause a lot of users a lot of problems... like Brad here

What was he told to do?

That's the real story on a thread about a false positive. Not pats on the back for the guys who fix their own issues.

Oh please, who do you think you are? Obviously you have no idea about FPs in other programs that take weeks to fix. Praise is so appropriate in this case, because the MBAM team not only fixes something when it's found in a matter of an hour or two, but they also update the program 3 to 4 times a day. You don't find that anywhere, period! You won't find a program that doesn't get an FP either.

It just so happens Brad's issue is most likely because he still has an infection.


Hi melboy, thanks for your response in this matter :) The thing is, I already deleted the quarantined files after the scan was completed, since it stated that this was a Trojan and I was not aware of the FP issues. So I

Oh please, who do you think you are? Obviously you have no idea about FPs in other programs that take weeks to fix.

You have your opinion and I have mine. No need to get snippy about it.

I know a lot about false positives, and about other programs. I am firmly of a mind that congratulating someone for fixing a mistake is misdirected praise. You can say false positives happen all you want; that isn't my point. People are SUPPOSED to fix their mistakes. If anything, there should be apologies attached when the fix is issued! Lots of people suffer damage to their computers due to false positives. You may be more knowledgeable than they are and not suffer any, but that doesn't take away the fact that damage is done when folks try to follow directions and delete false-positive files.

Aside from damage, there is inconvenience. Sometimes hours of it.

I am not saying that the MBAM folks aren't good about fixing their errors. But all one has to do is take a look at this forum to see how frequently they occur with this program. Let's just say they aren't rare. Fixing an error is what is EXPECTED. Why anyone pats them on the back for doing it quickly still escapes me.

You have your opinion and I have mine. No need to get snippy about it.

I know a lot about false positives, and about other programs. I am firmly of a mind that congratulating someone for fixing a mistake is misdirected praise. You can say false positives happen all you want; that isn't my point. People are SUPPOSED to fix their mistakes. If anything, there should be apologies attached when the fix is issued! Lots of people suffer damage to their computers due to false positives. You may be more knowledgeable than they are and not suffer any, but that doesn't take away the fact that damage is done when folks try to follow directions and delete false-positive files.

Aside from damage, there is inconvenience. Sometimes hours of it.

I am not saying that the MBAM folks aren't good about fixing their errors. But all one has to do is take a look at this forum to see how frequently they occur with this program. Let's just say they aren't rare. Fixing an error is what is EXPECTED. Why anyone pats them on the back for doing it quickly still escapes me.

Just because MBAM has many posts regarding false positives means absolutely nothing at all. Every program out there has just as many. Most require you to send them in via e-mail, so you'd never know how many false positives they had in the first place. Sometimes hours of inconvenience is absolutely nothing compared to most products out there.


MBAM will continue to get better, FPs will become less and less, and everything we do will continue to be faster than anyone else.

We have been commercial for less than a year, and more or less there have been between 2 and 4 full-time employees the entire time.

I defy anyone to cite any other security company that has done this well in such a short period of time with a staff under 5 people.


I cannot find exactly where I read this info, or if I am citing it correctly, but I believe MBAM detects malware in seven (?) different ways where other programs use fewer methods. Due to this fact alone I would expect more FPs, because it is more aggressive at targeting malware.

I reported an MBAM false positive and it was corrected within fifteen minutes. I am currently using a paid-for AV. I reported an FP two weeks ago to the company (which shall remain unnamed) and it is still not fixed.

If a user does do damage to their PC by deleting a FP I would bet the team here is more than willing to help them fix the problem. Actually, it appears that JeanInMontana has already instructed the user.

These are just my simple observations on the matter. I am not attempting to insult or offend anyone and if it does I do apologize.


Let's tone it down, guys ;). False positives are entirely our fault. We try our best to fix them (some may say in a very timely fashion); if it isn't enough, do not use the product. Simple :). Let's enjoy computing malware-free together. Whadda ya say?

Let's tone it down, guys ;). False positives are entirely our fault. We try our best to fix them (some may say in a very timely fashion); if it isn't enough, do not use the product. Simple :). Let's enjoy computing malware-free together. Whadda ya say?

Sounds good to me. One thing I think we can all agree on is that malware stinks.

These are just my simple observations on the matter. I am not attempting to insult or offend anyone and if it does I do apologize.

My thoughts exactly. I mean no insult nor offense to anyone. To some I am sure that my comments sound ungrateful, thus the invitations to stop using the program. It is good for me to be reminded that I paid nothing for MBAM, so far. Comparing MBAM's performance against all others is one way of measuring its proficiency. Another way is to compare MBAM to itself. I would like MBAM to constantly be better than itself. I would like to see greater emphasis placed on fewer false positives rather than on speed of correction. I suspect that management has set that same goal. It just doesn't sit well with me when some people are praising speed of correction while other users are in a bind due to the error.

I suspect that management has set that same goal.

We aim to improve both! Most false positives (those detected by a specific method) are added to a pile so they are scanned each time we release a new update. Most false positives will never happen again because of this method.
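As an added example (not from this thread and not Malwarebytes' own code), a toy version of the two checks this thread turns on: parsing MBAM detection lines like the ones posted above and checking the flagged object against a verified-good corpus before anything is quarantined, and the release gate described in the reply above, which scans that corpus with every signature so an over-broad rule like the one that hit wdfmgr.exe is caught before the database ships. The signature format, byte patterns and file contents are constructed stand-ins, not MBAM's real ones.

```python
import re

# Toy signatures: a byte pattern and the detection name it produces. Constructed
# for this example; MBAM's real signature format is not on the page.
SIGNATURES = {
    "Trojan.Agent": b"UMDF",           # over-broad: also matches the legitimate binary
    "Trojan.Downloader": b"EVIL\x90\x90",
}

# Constructed stand-ins for the verified-good corpus. A real corpus holds the
# actual bytes (or hashes) of known-good system binaries such as wdfmgr.exe,
# the Windows User Mode Driver Framework manager behind the umwdf service.
KNOWN_GOOD = {
    r"C:\WINDOWS\system32\wdfmgr.exe": b"MZ...UMDF manager, service umwdf...",
    r"C:\WINDOWS\system32\notepad.exe": b"MZ...Notepad...",
}

# <object> (<detection>) -> <action>.  A trailing "[digits]" blob from developer
# mode logs is ignored. Greedy path so " (x86)" inside a path does not split it.
LOG_LINE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?(?: \[|$)")


def parse_mbam_line(line):
    """Return (object, detection, action) for one MBAM detection line, or None
    for section headers and '(No malicious items detected)' placeholders."""
    m = LOG_LINE.match(line.strip())
    return (m.group("path"), m.group("name"), m.group("action")) if m else None


def release_gate(signatures, known_good):
    """Scan the verified-good corpus with every signature before shipping a
    database update; return the (detection, file) pairs that would be FPs.
    An empty list means the update is safe to release."""
    return [(name, path)
            for name, pattern in signatures.items()
            for path, content in known_good.items()
            if pattern in content]


def likely_false_positive(log_line, known_good):
    """Check a detection line against the verified-good corpus before the user
    quarantines or deletes the flagged object."""
    parsed = parse_mbam_line(log_line)
    return parsed is not None and parsed[0] in known_good


if __name__ == "__main__":
    print("release gate:", release_gate(SIGNATURES, KNOWN_GOOD))
    line = r"C:\WINDOWS\system32\wdfmgr.exe (Trojan.Agent) -> No action taken."
    print(parse_mbam_line(line), likely_false_positive(line, KNOWN_GOOD))
```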
