WallysBlues

Rogue.WinAntivirus...is this false positive?


Hi! I did an update and then a scan today with my MBAM 1.30 and it picked up Rogue.WinAntivirus. I have had quite a number of detections by MBAM in the past but luckily they all turned out to be false alarms easily rectified by quick updates by MBAM... BUT this time I have a feeling this could be a real nasty because of the familiar name of the detection (I hope I'm wrong). There's no untoward behaviour that I am noticing from my PC... everything's working fine prior to the detection... BUT just the same I quarantined it and would like to know from this forum if there's a possibility that it could be a false positive. Here's my complete log:

Malwarebytes' Anti-Malware 1.30

Database version: 1379

Windows 5.1.2600 Service Pack 3

10/11/2008 08:50:36

mbam-log-2008-11-10 (08-50-36).txt

Scan type: Quick Scan

Objects scanned: 43847

Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

By the way, the detection was in my PC's Limited account. The 3 detections about Hijack.StartMenu were no problem because I purposely hid Run, Search, and Help in our PC's Limited account (see my previous post about it).

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

These are common malware hijacks and there is no way to tell if you did them or if malware did them; we fix them for the noobs.

Please have MBAM ignore these to prevent them from showing up in your scans again.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Stats is a new location MBAM looks for malware GUIDs in, and what we hit in your system is from a long-dead infection. If this had been a live infection there would have been much more detected.
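
The triage reasoning in the reply above (registry-only hits versus a scan that also finds files or running processes), as an added example that is not part of either post and not Malwarebytes code: a small parser for the text log format shown in this thread. The `triage` labels and the choice of which sections count as "live" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the log posted above (section headers and detection lines only).
SAMPLE_LOG = r"""
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

# A detail-section header has nothing after the colon; summary lines ("...: 1") do not match.
SECTION = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values"
                     r"|Registry Data Items|Folders|Files) Infected:\s*$")
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[A-Za-z0-9_.\-]+)\) -> ")
# Assumption: hits in these sections mean something is still on disk or in memory.
LIVE_SECTIONS = {"Memory Processes", "Memory Modules", "Folders", "Files"}

def parse_detections(log_text):
    """Return {section: [(detection_name, path), ...]} from an MBAM text log."""
    found, section = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line) if section else None
        if hit:
            found[section].append((hit.group("name"), hit.group("path")))
    return dict(found)

def triage(log_text):
    """'live-artifacts' if memory/file/folder hits exist, 'registry-only' if only registry, else 'clean'."""
    found = parse_detections(log_text)
    if any(section in LIVE_SECTIONS for section in found):
        return "live-artifacts"
    return "registry-only" if found else "clean"

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), parse_detections(SAMPLE_LOG))
```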
