Malwarebytes Reports - "Fake.Beep.Sys"


graesid

Just started using the program and after running a scan on my Limited User account it comes up with the following:

Files Infected:

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.

I cannot find this file on my computer and I note that if I run Malwarebytes on my main Admin Account nothing is reported.

I have run a number of other Anti Spy Applications and they find nothing.

Can anyone tell me if they have any experience of this and whether this may be a false positive?

Graeme

Thanks, I will look into it.

Thank you for your acknowledgement.

After posting I did find the file C:\WINDOWS\system32\dllcache\beep.sys on my computer by searching on the Admin account. It is apparently not accessible from the Limited user account as it is a Microsoft System File. I have checked the file with a number of scanners and it appears to be the original Microsoft file which I understand is on most Windows XP systems.

I would be very reluctant to delete this file so I will await your reply as to your findings.

Graeme

That is true but for security I use a limited user account for all my web browsing and online work. As I understand it, if damage occurs it can then be limited to that account in many cases. If a scan detects malware I can then delete using my Admin account if necessary.

  • 3 months later...

We have two a31p Thinkpads running the same currently-updated versions of XP Pro SP3. On both machines we have

c:/WINDOWS/system32/dllcache/beep.sys

c:/WINDOWS/system32/drivers/beep.sys

However, on ONLY one machine we get what I believe is a false positive for ONLY

c:/WINDOWS/system32/dllcache/beep.sys

which was Quarantined as Fake.Beep.Sys

Wasn't this supposed to be fixed back in August?

Thanks.

Lester

P.S. Both machines have only one user with full Administrator privileges.

That's very strange.. Would you mind submitting the file mbam thinks is fake?

I just did upload the beep.sys file. I have been corresponding with one of your staff, Arthur. Here are some of my comments:

(1) Previously, you documented that the additional beep.sys files under dllcache/ should not be there and so I deleted them on both machines. This raised the issue that Malwarebytes did not flag/Quarantine this file on one of the two computers.

(2) In this latest email, you seem to suggest that even if there were additional beep.sys files under dllcache, this should not present any problems since these beep.sys files in fact are valid system files?

> As I mentioned, I used zdiff under Cygwin (a bit by bit comparison) between
> /cygdrive/c/WINDOWS/system32/dllcache/beep.sys
> /cygdrive/c/WINDOWS/system32/drivers/beep.sys
> before deleting /cygdrive/c/WINDOWS/system32/dllcache/beep.sys; the files were identical
> (on both machines and identical across machines).
