cadkey 19 false positive trojan.scar


zekeallmon
Hello,

Tech on a service call here. Love malwarebytes, just want to make sure this is a false positive.

Customer uses ancient version of cadkey19, and has mbam pro, updated.

Got a pop up saying that C:\CK19\vib.cde was infected trojan.scar.

They quarantined the file, then deleted the file from quarantine.. and surprise cadkey would no longer open.

I scanned the computer for malware, with mbam, combofix and avast boottime. It was clean. Reinstalled cadkey, and scanned the c:\ck19 folder again w/ mbam. And it once again found the file as being infected.

So, I'm sure it's a false positive, but just wanted to get a second opinion, and to let you know about it.

Thanks,

Zeke Allmon


  • 3 weeks later...

I have a very similar experience today Zeke

Thanks for your post - I am not a tech and was very worried about the positive till I read of your experience with CK19 on Google

Peter


  • 1 month later...

Same issue here. We use Cad Key 19 - it is indeed ancient. To answer your question, yes, CadKey 19 automatically creates the folder C:\CK19\ and installs the vib.cde file, and other files here. This program used to run on older Win98 PCs way back when. It is indeed a false positive.

Outside of this thread I am still not seeing a single instance of this. Are you guys installing this into root intentionally or does the installer do this intentionally?


  • 2 months later...

We need a LOT more information than that. Post a scan log and collect any files we detect. You can paste the scan log directly into your reply and then zip and attach any files we detect.

It appears that you are only going by the file name "vib.cde" and saying that it is a Trojan.Scar.

If I copy and rename the file it is not found to be a problem.

Erasing the file blows my CADKEY.
