Weird one.. MBAMPro declared trojan dropper at install;


ShyWriter

post-35425-1293894737_thumb.gif

post-35425-1293894805_thumb.gif

File Name : register.exe

File Size : 65536 byte

File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit

MD5 : 9c88a3edd2e88bf2d7db952679ca5116

SHA1 : 81dfef0f3e10aec258a69f536f3e8576160f510f

Ran it at various online virus scanners.. a few declared Malware; especially McAfee.. On VIRUS TOTAL it has 1 possible and 1 positive out of 36 scanners.

Ran it through Malwarebytes from the file's quarantine position and mbam.exe /developer mode didn't let out a peep. As you can see from screen clip 2 above, MBAMPro declared it a trojan when installing it from the packed download.

The ANUBIS file is in PDF format:

https://anubis.iseclab.org/?action=result&a...5fd0a09a9295a65 (These were the results of the complete EXE-PAK'd download)

post-35425-1293895442_thumb.gif

report_1cbbaff3a7f5a758445fd0a09a9295a65.pdf

So is this a false positive?? (Database 5436 / 1.50.1.1100) Also hit on yesterday's various databases.

~Steve


This seems to be the one. Downloaded from hxxp://download.cnet.com/Registry-Cleaner/3000-2086_4-10844171.html?tag=mncol;3 - matches the picture...

Thanks LOON3R, for downloading and zipping it for Bruce.. (and me :welcome:).. I had to go grocery shopping.. I'd already wasted two hours on preparing/investigating the file; I didn't have the time.

~Steve...


  • Staff

Let me add that just because a download site claims something does not have spyware or whatever, this does not mean that some application will detect it as such based on that application's parameters.

All vendors use their own set of parameters for determining what is or is not classified as one thing or another.


This should be fixed now.

You're quite welcome; Bruce..

@Tom: Always a pleasure to be able to return some of the assistance you always give us in Suspect Users.. Since Bruce said, "This should be fixed now." I make the assumption it was a false hit and MBAMPro was tweaked to make it NOT so.. :welcome:

EDIT: Unpacked said program and installed and used same with no problems or warnings.. - Thanks!

~Shy

Edited by ShyWriter