WORK.DAT maybe false positive


Richard_P

I scanned my laptop today and it found 4 problems. Two were obvious problems; the other two I am not sure are real problems. I scanned the first file using the Jotti's Website and of the twenty scanners, only one "found" anything for WORK.DAT. The other file is wupd.dat and is a hidden, zero-byte file. I have attached the files and the log after running MBAM using the /developer switch. Please find the log file and both files attached.

Thanks for your help,

-Richard

mbam_log_2010_08_26__19_12_09_.txt

WORK.zip

Traces are not executable in most cases and won't be detected on their own. These were likely part of the infection you mentioned seeing detected.

Does this mean that I need to clean these two files in some way? Replace them maybe with new ones or should they be ok now that the other two files are gone?

Thanks for your help.

-Richard

Traces are clutter that the intruding malware left in your system. If you want to keep the files for some reason they should be safe but so is letting MBAM clean them up.

OK, but doesn't MBAM simply quarantine them instead of cleaning the malware from them, or am I getting this wrong?

The two files I had MBAM "clean" are in the quarantine area now.

Thanks for your help,

-Richard

Think of it this way.

A robber breaks into your house, that is the main infection.

He leaves a soda can on your table. This is not in any way a threat or a problem. This is what a trace is.

In both cases removing them from your house is how you clean them.

Quarantine is just like your Recycle Bin but is just for objects we remove.

OK, I understand now what you mean by cleaning them. I guess my real question is, are these files (WORK.DAT & wupd.dat) necessary system files that are "infected" and need to be replaced with good working files, or are they non-system extraneous files that were put there by the malware?

Thanks again for your continued correspondence and education,

-Richard

Any time you have a question about a file you can use its location in your system as a string in a Google search:

http://www.google.com/search?hl=en&as_...i=&safe=off

http://www.google.com/search?hl=en&as_...i=&safe=off

If these were legit files you would see 2 things. Many more hits, and those hits would link to info about what the legit files are/do.

I really appreciate the help. Thanks again.

-Richard.

I had one more issue I wanted to bring up:

I originally ran an MBAM "Perform full scan" and MBAM detected the trace on the two files (WORK.DAT & wupd) in my system. I did not clean the files, because I was wondering if MBAM was detecting a false positive which I addressed earlier. You educated me very effectively and so I went back to detect the trace again so as to have MBAM clean the mess. In order to be as efficient as possible I right-clicked on each file and chose to scan the files individually. The single file scan did not detect the trace. Only when I ran the full scan, which takes over an hour to perform, did it find the trace. I was then able to clean it.

Why didn't MBAM detect the trace in the individual file scan?
