Kms

**All Trojan.Packer.Gen posts merged**


NOTE: I have quarantined the item in question and it is still in quarantine.

I have read the instructions about doing a scan in developer mode and appending the log here. But it is not clear to me whether I first need to "UN-quarantine" the quarantined file. Please advise, and please clarify your general "False Positive" instructions so that point is clear.

Also, the quarantined/suspect item did not turn up in a scan, but appeared to have been flagged by MB simply while it was running in background.

---

MB just informed me of the presence of "Trojan.Packer.Gen" on my system. I responded by putting it in Quarantine.

The warning came as I was running the Microsoft utility to determine whether my machine was compatible to upgrade to Windows 7.

It said the malware infection was located in

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDDriveInfo.exe.

I believe that the above file is related to my portable hard drive, which is installed in this machine but which is not normally attached to the machine (it attaches via USB). (The portable hard drive was acquired a few years ago solely to make it easier to transfer files from an old machine about to be retired to a newer machine.)

My question:

Was the MB warning possibly a false positive, and if I delete the supposed malware would I be unwittingly disabling my ability to use the portable hard drive?

If NOT, I'm puzzled about how the malware would have chosen that particular file to infect, since the Portable Hard Drive is rarely used and there's no association between using it and my being online.

This isn't an urgent question at this point but I'd really be curious for insight. I am a constant user of my machine, but my technical understanding of some of this stuff is admittedly limited.

---

I have no idea if this is a glitch or something.

I scan my PC twice a day with my programs, but after the latest Malwarebytes update, it targets the following files as infected:

(I'll write it down here too since the attached log is partly in Danish)

Memory Module: c:\program files\ASUS\six engine\pngio.dl

Memory Module: c:\program files\ASUS\TurboV\pngio.dl

File: c:\program files\ASUS\ Six engine\pngio.dl

File: c:\program files\ASUS\TurboV\pngio.dl

Those are power supply programs for my computer.. why would a trojan take root there?

---

Yes, restore the file from quarantine, then run the developers scan.

The research team will be along as soon as they can to examine it.

---

I have no idea if this is a glitch or something.

I scan my PC twice a day with my programs, but after the latest Malwarebytes update, it targets the following files as infected:

(I'll write it down here too since the attached log is partly in Danish)

Memory Module: c:\program files\ASUS\six engine\pngio.dll

Memory Module: c:\program files\ASUS\TurboV\pngio.dll

File: c:\program files\ASUS\ Six engine\pngio.dll

File: c:\program files\ASUS\TurboV\pngio.dll

Those are power supply programs for my computer.. why would a trojan take root there?

*Note* There, corrected a spelling error.

---

I am merging these to avoid confusion.

This FP should now be fixed, please update and recheck to confirm.

---

OK, I updated, then restored the quarantined file, then did a quick scan. Scan reports no malware detected.

I'm guessing it's all OK now.

---

I am merging these to avoid confusion.

This FP should now be fixed, please update and recheck to confirm.

Great to hear you're taking care of our reports :)

But I'm afraid that I cannot report back, since I panicked and deleted the two programs being "infected", Asus Six-Engine and TurboV :)

I never used them anyway, hehe..

---

After an update by MBAM today, I ran the Lord of the rings on-line client. After I logged in to the game, granny2.dll was flagged as a Trojan.Packer.Gen

I'm running Windows 7(x64)Professional

I am likewise having a false positive message from this specific file. When I delete it my game will not start and requires this file be downloaded over and over. It's a nonstop loop and it appears MB is giving a false reading on this file as it is crucial to have it installed in order to run this Online game. Either that or the game company is intentionally downloading viruses to my computer. Can anyone at Malwarebytes confirm this is a false positive reading of granny2.dll? I have Winrared the file and it's attached also.

granny2.rar

---

I am merging these to avoid confusion.

This FP should now be fixed, please update and recheck to confirm.

---

I received the warning yesterday:

C:\program files (x86)\WD\wd anywhere backup\WDDriveInfo.exe Trojan.Packer.Gen ALLOW

And, as can be seen, I made the decision to allow the program to run. Assuming it is a false positive, do I need to do anything else besides run a full scan? My concern is that by selecting "Allow" (since I didn't want my backup program to crash) have I circumvented possible detection of a real problem in the future?

Thanks!

---

Nope, this was a false positive and the file should have never been detected. Please update your database and if you quarantined it, restore it from quarantine and that is all you should have to do.

---

After an update by MBAM today, I ran the Lord of the rings on-line client. After I logged in to the game, granny2.dll was flagged as a Trojan.Packer.Gen

I'm running Windows 7(x64)Professional

I can confirm this is no longer being flagged up
