Jump to content
Xman

secdrv.sys a false positive?

Recommended Posts

I have found this file reported as a rootkit but it seems a legit file.

It is located in c:\windws\system32\drivers\secdrv.sys

Is it ok or really a rootkit?

Share this post


Link to post
Share on other sites

... also, when i right click on the file it says on the product name: "Macrovision Security Driver".

Share this post


Link to post
Share on other sites

Hi,

It's an FP related to Safedisc CD protection in db 1123 and 1124.

Here is developer log :

Malwarebytes' Anti-Malware 1.26

Version de la base de donn

Share this post


Link to post
Share on other sites
checking right now

I can have this fixed in 5 minutes

Thanks Bruce

MaB

Edit : Fixed by 1125 ;)

Share this post


Link to post
Share on other sites

This was an error on my part , I forgot to add version info checking on a new heuristic .

Share this post


Link to post
Share on other sites

I was about to post this too:

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully.

I'll get them to go into the quarantine.

Share this post


Link to post
Share on other sites

Hi Sarah,

Go ahead and restore from Quarantine. It's a FP.

Share this post


Link to post
Share on other sites

Beenthere, latest database is 1131 :unsure: Please update and re-scan in case it's fixed.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.