False Positives?


Trueborn
Hi. First time posting. Hope I post in the proper format.

Something tripped off my virus shield last night while I was surfing. I'd run virus checks over the weekend, but, as a precaution, I ran several of the programs I normally use to eliminate spyware/adware/viruses. The first couple of programs I ran turned up nothing out of the ordinary. Then I ran the version of MBAM I had installed. It also turned up no infections.

I hadn't updated MBAM in several weeks, so, this morning, I updated MBAM to the current version of the software and definitions file, and re-ran the sweep. This time, it detected three infections. Since all other sweeps - including an old version of MBAM - came up negative, I'm a little skeptical this isn't a set of false positives. After I post this, I'll rerun some other software to see if any problems pop up. For what it's worth, nothing seems out of the ordinary. The last time I had a virus problem was several months ago when an adware app got through.

It appears I was running Malwarebytes' Anti-Malware 1.28, Database version: 1215 before today's update.

Is this legit, or is it some sort of f/p? If it is an f/p, is it ok to let MBAM delete the "infections"?

Thanks.

Today's logfile:

Malwarebytes' Anti-Malware 1.30

Database version: 1335

Windows 5.1.2600 Service Pack 2

10/29/2008 9:12:32 AM

mbam-log-2008-10-29 (09-12-17).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 168579

Time elapsed: 52 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> No action taken. [4054423730518072867015468677857481777013019266207069221925251471222225142171237

014256922681424211768672371252617192694]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken. [4054423730518072867015567479347985748774838684130192672321712166246814262468261

41818696614256769701471232367666918702071206694]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> No action taken. [4054423730377466777083130192696725262025202614181771171421667126142619716614671

92022192571222017667194]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Please download/install the latest Notepad++

Several alerts seen by MBAM.

Cheers,

Gerard

I'm sorry. I don't quite understand what this means. Am I just supposed to update the software? What exactly are the alerts going to tell me?

Since my "infections" are just traces of a past problem (probably the adware; it's the only serious problem I've ever had on this PC), should I just let MBAM delete them so they don't appear again? Is it safe to do that? I'm hardly an expert, so I dislike fooling with the registry unless it's necessary.

I am sorry, nothing to do with your original post.

Gerard


  • Staff
Remove and they are gone for good, these are nothing more than "infection was here" tags.

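The staff reply above treats results that appear only under registry keys as leftover markers. As an added example (not part of the thread and not Malwarebytes code), this Python script parses a log in the format posted in the first message and separates registry-only results from ones that include processes, modules, folders or files; the `ACTIVE` grouping and the three labels are assumptions of the example.

```python
import re

# Abridged from the log in the first post. The bracketed trace strings are
# replaced by a constructed placeholder, wrapped onto a second line as on the page.
SAMPLE_LOG = r"""
Registry Keys Infected: 3
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> No action taken. [0000
0000]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> No action taken.
Files Infected:
(No malicious items detected)
"""

# A section header is the category name plus a bare colon; the summary lines
# ("Registry Keys Infected: 3") carry a count and are skipped.
SECTION = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|"
                     r"Registry Values|Registry Data Items|Folders|Files) Infected:$")
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>[^.\[]+)")

# Assumption of this example: a hit here means something in memory or on disk.
ACTIVE = {"Memory Processes", "Memory Modules", "Folders", "Files"}

def parse_detections(log_text):
    """Return one dict per detected item, tagged with its log section."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM.match(line) if section else None
        if item:  # wrapped trace lines and "(No malicious items ...)" do not match
            found.append({"section": section, "path": item["path"],
                          "name": item["name"], "action": item["action"].strip()})
    return found

def triage(detections):
    """Label a scan 'clean', 'registry-only' or 'active' (this example's labels)."""
    if not detections:
        return "clean"
    if any(d["section"] in ACTIVE for d in detections):
        return "active"
    return "registry-only"
```
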

Hello Bruce and Dustin

Notepad++ is not detected by the MBAM scan but is detected by the PM. It took three terminate attempts for the PM window to close.

Ahh, we have tracked the issue down, and the next def update should! correct it. Please let us know if you have any further FP issues. :) As for the 3 tries to terminate it, yes... That's because the Nullsoft installer keeps re-creating the file. It's actually nsexec.dll with 4 bytes different. As for why the bytes are different, I do not know... but I know it loads it 3 times and deletes it when it's done.
