
MBAM detects file as infected, after restoring the file it says it's clean!


DraKuL


Hi,

As I have mentioned in the topic, MBAM detected 2 files as viruses, but I wanted to submit it to a virus lab so I restored it. Then after scanning it manually it said that the files are clean! Why is that??

I copy pasted this from a log and these are the 2 files and infections. I have attached the infected files in a password protected archive, I will send the password as a personal message once requested.

ibelicomeposu.dll (Trojan.Agent)

BHO.dll (Spyware.GamePlayLabs)

Cheers!


I got lucky on the password, both of these files are detected fine here.

What exactly is your question?

My question is, why does MBAM say the file is clean after restoring it from the quarantine? I restored it to submit it to the virus lab of my antivirus product. I restored it to the desktop and scanned the 2 files separately with MBAM and it says the files are clean. My question is why does it say it's clean.


My question is, why does MBAM say the file is clean after restoring it from the quarantine? I restored it to submit it to the virus lab of my antivirus product. I restored it to the desktop and scanned the 2 files separately with MBAM and it says the files are clean. My question is why does it say it's clean.

I cannot replicate this. Please post a scan log where you are scanning these 2 files with current defs and not showing detection, as here both are detected just fine.


I cannot replicate this. Please post a scan log where you are scanning these 2 files with current defs and not showing detection, as here both are detected just fine.

The problem with scan logs is, it doesn't show the file name in the log. And just to be clear, MBAM did detect the 2 files at first, but like I said I restored it from the MBAM quarantine to the desktop, and when I right click the file and click Scan with MBAM it detects the file as clean. Do you want me to send a screenshot or? (since the logs don't show the file name)


Never mind, after updating to the current definitions it gets detected. :) But I scanned with yesterday's definitions and it didn't detect, did it all day and didn't get detected, which is why I posted this in the morning. Anyway, it's fine now, thanks :)


Hi,

One more issue, MBAM doesn't detect the installer of that BHO.dll as a threat. I have attached the file and hope you will add it to the definitions. The password is 'infected'.

A support forum member of Avast! has contacted MBAM admins regarding the file BHO.dll and this is the reply he got:

"Different vendors have different ways of assessing files.

For example "GamePlayLabs", you just need to read their current EULA to see what they have declared they are harvesting (data) from you once installed = Enough for us to classify them a Spyware

Just looking at the file briefly will not tell you this information but more in-depth research will

Hope that helps"

This confirms that game play labs is a spyware site and this software installer was designed by them and it installs the spyware - BHO.dll, so I think it should be added to the detection list :)

Cheers!

MediaPlugin.rar

