
Why did A-M identify everything in my Start Menu's 'System Security' folder tree as "Rogue.SystemSecurity"?



I'd been hearing a lot about Malwarebytes' Anti-Malware utility so even though I use a firewall, AV with realtime scans, use a Sandbox utility for suspicious files, ran SAS & HJT recently and cleaned up my registry and am therefore pretty confident my system is clean, I decided to give MA-M a whirl and see if it could find anything that other similar apps had missed.

So I installed it last night and ran the full scan, and was surprised to see (other than 1 explainable false positive, see here), all the rest of the 68 supposedly 'items infected' were located in my (Windows XP) Start Menu, in a folder I'd created for AV, Spyware cleaning, Firewall, Registry tools, etc called (appropriately) 'System Security'.

So it was not the application files that were identified as 'Rogue.SystemSecurity', but the Start Menu shortcuts themselves. :)

WHY?

After Googling it and searching through and reading the forums, I ran the MA-M test again, using the mbam.exe /developer command, but got the same results.

Here's a screencap: (click thumbnail for bigger image)

mabscanroguesssm.th.jpg

I've attached to this post my Log File, having edited my Windows username to '[uSER]'.

I didn't post this to the 'False Positives' forum as it says that forum is not a place for feedback.

As I haven't used MA-M before, I have not proceeded yet past the scan results - ie: the utility is still open and I haven't clicked 'Remove Selected' yet. I assume if I do, my 'Start Menu->All Programs->System Security->' folder tree will be erased, not just 'cleaned'. And obviously, I don't want the folder tree gone. (By the way, is there an 'Undo' feature?)

Anyway, the question again is "WHY?" - why did MA-M flag all those Start Menu items as 'rogue' items/infections?

mbam_log_2010_08_26__14_52_53_.txt


Hello and :)

It could be a false positive or a problem with the DB.... Update Malwarebytes (you had 4482) to the updated version; as I type this, it is 4486.

Then run another quick scan and let us know what you get..... Also.....

By the way,

It would be a good idea to update to SP3 as support (including new security updates) ends July 13, 2010 for SP 2:

As discussed HERE

Please post back if you have further questions.

Thank You :)


Hi RazorXL and welcome to Malwarebytes. :)

Just a quick note on the edit feature. You need to have made 50 posts to use it. According to what I've heard, a few bad beans a while back caused Malwarebytes to add restrictions. Most of this is just to prevent new users from editing in the Malware Removal section. :)

Edit: Items are removed, but you can go under the quarantine tab and restore them. Just don't do anything unless you are absolutely sure they are infected. I would do some research on the folder "system security" under programs as it seems highly suspicious. Malware writers name the files whatever they want. And it seems that it copied several legitimate names to cloak itself.


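One way to do the research suggested in the last reply before removing anything, as an added example that is not part of the original thread: a read-only PowerShell listing of where each shortcut in the flagged folder actually points. The folder name comes from the first post; its location under the Start Menu 'Programs' directories is an assumption.

```powershell
# Read-only audit: nothing is deleted, moved or quarantined.
# Assumption: the flagged shortcuts sit in a folder named 'System Security'
# under the per-user or All Users Start Menu 'Programs' directory.
$folderName = 'System Security'
$shell = New-Object -ComObject WScript.Shell

# WScript.Shell resolves both Start Menu locations, including on Windows XP.
$roots = 'Programs', 'AllUsersPrograms' |
    ForEach-Object { $shell.SpecialFolders.Item($_) }

$report = foreach ($root in $roots) {
    $dir = Join-Path $root $folderName
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    Get-ChildItem -Path $dir -Recurse -Filter *.lnk | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = $lnk.TargetPath   # empty for some installer-created shortcuts
        $exists = ($target -ne '') -and
                  (Test-Path -LiteralPath $target -PathType Leaf)

        # Only check the signature when the target file exists on disk.
        $sig = if ($exists) {
            (Get-AuthenticodeSignature -FilePath $target).Status
        } else { 'n/a' }

        New-Object PSObject -Property @{
            Shortcut     = $_.Name
            Target       = $target
            Arguments    = $lnk.Arguments
            TargetExists = $exists
            Signature    = $sig
        }
    }
}

$report |
    Select-Object Shortcut, Target, Arguments, TargetExists, Signature |
    Format-List
```

Shortcuts whose target is missing, sits in an unexpected directory, or carries unexpected arguments are the ones to look at more closely; a target that matches the installed program you put there yourself supports the false-positive explanation.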