Jump to content

Recommended Posts

Just started getting this recently with my Sunbelt CounterSpy program. Surely, this is a false positive.

Malwarebytes' Anti-Malware 1.27

Database version: 1131

Windows 5.1.2600 Service Pack 2

9/09/2008 1:44:24 PM

mbam-log-2008-09-09 (13-44-24).txt

Scan type: Quick Scan

Objects scanned: 40621

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\EN CounterSpyConsumer UpGrade-Signed.exe (Trojan.Agent) -> Quarantined and deleted successfully.

post-2134-1220933253_thumb.png

post-2134-1220933350_thumb.png

post-2134-1220933253_thumb.png

post-2134-1220933350_thumb.png

Link to post
Share on other sites

Since I last posted I have updated and rerun a scan and got the same result.

So I decided to ignore instead of quarantining. Did another scan, this time it was clean.

I then ran another scan after deleting the ignore list, and the FP is back.

However,as you can see after clicking on > jump to location the MBAM program is not responding. This also happened yesterday, but I thought it was one off. See attached screenshot.

P.S. This has got me stumped, but I could go back to ignoring the FP, as it only has to do with Sunbelt CounterSpy definitions updates.

post-2134-1220988551_thumb.png

post-2134-1220988551_thumb.png

Link to post
Share on other sites
Can you add it to the quarantine. Next, go to this location:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

Zip up the Quarantine folder and attach it please.

See attached folder as requested> Located C:\Documents and Settings\username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

Link to post
Share on other sites

Latest update, nothing changed: Still the false positive! Can't but help think it has something to the recent glitch mentioned here -

There was a glitch in the way we corrected this key in the past , this undoes that . The glitch would not cause any problems which is why no one had a bug report for it .

The value being set today is the value that MS installs when you install windows .

This is not actually fixing a problem , only setting a value exactly the way it would be set when windows is installed .

As you can see, I keep getting the WinPatrol popup, which I answer no to! This only started happening around the time of this particular glitch referred in the quote above. Something has changed in the registry. Can you please advise where to check in the registry?.......so I can make the necessary change to it. :unsure:

post-2134-1221110822_thumb.png

post-2134-1221110863_thumb.png

post-2134-1221110915_thumb.png

post-2134-1221110822_thumb.png

post-2134-1221110863_thumb.png

post-2134-1221110915_thumb.png

Link to post
Share on other sites

Here we go..... :unsure:

Malwarebytes' Anti-Malware 1.28

Database version: 1141

Windows 5.1.2600 Service Pack 2

12/09/2008 12:39:46 PM

mbam-log-2008-09-12 (12-39-38).txt

Scan type: Quick Scan

Objects scanned: 40472

Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\<myname>\Local Settings\Temporary Internet Files\EN

CounterSpyConsumer UpGrade-Signed.exe (Trojan.Agent) -> No action taken.

[3857535134305383807566791534727079851301362761378068867870798584016679690152708

5857479728461

41667984014970837468614580686677015270858574797284615370788180836683900142798570

8379708501397

4777084611115708970]

Link to post
Share on other sites
  • Staff

I see what is going on now and should be able to fix this .

MBAM is detecting an executable where no executable should ever be .

I need to know if you see this again after you have defs version 1142 or higher .

Link to post
Share on other sites

Latest scan with 1142 definitions shows all clear. Final proof for me, will be after I update the the definitions to CounterSpy, which should be released later today.....Saturday morning my time. Off to bed for me now! ....it is late Friday night.

Malwarebytes' Anti-Malware 1.28

Database version: 1142

Windows 5.1.2600 Service Pack 2

12/09/2008 11:15:36 PM

mbam-log-2008-09-12 (23-15-36).txt

Scan type: Quick Scan

Objects scanned: 40689

Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

No further problem.It appears that this has now been fixed. Thank you.

Malwarebytes' Anti-Malware 1.28

Database version: 1143

Windows 5.1.2600 Service Pack 2

13/09/2008 2:25:28 PM

mbam-log-2008-09-13 (14-25-28).txt

Scan type: Quick Scan

Objects scanned: 40623

Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.