Jump to content

Extension.Mismatch, not sure if it's a false positive


Raksas

Recommended Posts

I updated Malwarebytestoday and ran a quick scan. It came up with two Extension.Mismatch problems at the end, one file and one registry value.

The file was at:

C:\WINDOWS\system32\Wnccdctl.log

And the registry value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\Wnccdctl.log

I don't know if these are false positives or not. I don't want to delete them if they are something that I actually need. The file itself is showing up as a 46K text file but I haven't actually tried to open it. This is the first time I've seen a problem of this type come up.

I'd appreciate any help I could get.

Thanks.

Link to post
Share on other sites

  • Staff

Hi,

Extension mismatch means that the extension doesn't fit. In this case, it's supposed to be a .log file, but malwarebytes doesn't read it as a log file but as an executable file. Log files should be textfiles and no executable files.

This is a tactic that malware uses frequently, however, this doesn't always mean it's malware when an extension doesn't match. In some cases (although that's a poor developers decision), some software may also rename certain files to another extension to have the file as a backup before they update the file.

In either way, please zip and attach the file Wnccdctl.log for me. You should find it in your system32 folder.

If you can't find the file, make sure hidden files and folders are shown:

Please set your system to show all files.

Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck: Hide file extensions for known file types

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.

And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

Thanks.

Link to post
Share on other sites

  • Staff

Hi,

Thanks for the file. This file pretends to be a log file, but is indeed an executable. It's related with Elaborate Bytes CloneCD. Not sure why it's using such tactics though.

In either way, detection for this one will be adjusted in next malwarebytes update. So please update Malwarebytes within an hour or so and let me know if mbam is still detection it.

Thanks.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.