Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

Infected folder doesn't exist


Recommended Posts

Hello! Malwarebytes found only one infected folder on my laptop and nothing else: C:\Program Files\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) and deleted it. It didn't find any infected registry keys, processes or files.

But, next time I scanned my computer, Malwarebytes found this folder again. I'm not even sure if my laptop was infected with that kind of malware because that folder doesn't exist on my C: drive - please look at the picture. Windows XP is in Croatian. (show hidden and system files is on). My antivirus says that my computer is completely clean. I also deleted all system restore points, but Malwarebytes finds that folder again every time I scan.

Is this fake alert or some leftovers from already deleted threat?

Thank you very much.

post-62163-1291905891_thumb.jpg

Link to post
Share on other sites

Hi,

Do you have Comodo Internet Security installed?

Yes, I have. Comodo didn't find anything at all and Spybot Search&Destroy as well. I've also checked with HijackThis and analized results. They were all OK.

So I believe that my laptop is clean, but that folder confused me. It doesn't exist, and there aren't any registry keys or files infected.

Link to post
Share on other sites

  • Staff

Hi,

Well this is actually caused by Comodo though. Also see here:

http://forums.malwarebytes.org/index.php?showtopic=69003

To quote my reply there:

Guys, this may be an incompatibility issue with Comodo Internet Security and Malwarebytes.

I don't know what option in Comodo is actually responsible for this, but it looks like Comodo maintains a blacklist of known malware folders (or something that can be manually configured). Maybe this is a part of its sandbox, maybe not...

In anyway, the folders malwarebytes detects are not actually there. It's Comodo which is responsible for these "ghost" folders, probably as a part of their defense protection or sandbox, this probably to prevent the creation of these folders in the first place. And because of this behavior, it makes malwarebytes believe those folders are there, thus it reports them as infected.

Or, Comodo intercepts the enumeration of malwarebytes scan, compares with its own blacklist database, and acts as a block here.. and because of that, it confuses malwarebytes scan and makes malwarebytes believe those folders are actually there.

We've had similar reports before already and uninstalling and reinstalling Comodo seems to have solved these "ghost" detections by Malwarebytes.

Also, it may be an idea to disable Comodo during a malwarebytes scan, this to see if it's still detecting the same.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.