Jump to content
Rainbow1112

TOO MANY FP

Recommended Posts

with malwarebytes enable on protection and started with windows. IT detect many file on startup as Trojan vundo but right clicking on the files and scan does not report any virus... i printscreen 3 of the fp file and have attach below

Share this post


Link to post
Share on other sites

I second that. Rebooted a few minutes ago and after the reboot MBAM went crazy and began detecting basically everything I started as a "Trojan.Vundo".

Program version is 1.31 and definitions are the latest. Tried uninstalling MBAM, rebooting, cleaning the temporary folders and installing it again, but without avail.

Right now it acts like a HIPS program.

OS is Windows XP Professional SP3.

Share this post


Link to post
Share on other sites

Performed another test

First: uninstall, reboot, reinstall, no update, activate real time protection, reboot. Everything was fine.

Then: update, reboot. False positives started again.

Conclusion: something in the latest definitions (version 1469) is causing all this.

Added: manual scan reports no problems/malware.

Share this post


Link to post
Share on other sites

Yep can confirm the exact same problems today after rebooting. Norton is now classed as Trojan vundo along with several other applications.

Had to uninstall malwarebytes for now. Hope this gets resolved quickly. All started after the last update to 1469 as earlier stated... :D

Share this post


Link to post
Share on other sites

Yup, I can confirm it too.

It detected loads of normal starting services as malign, wanted to stop them and my whole system froze to the point I had to shut it down with the on/off button.

Share this post


Link to post
Share on other sites

Got this mess on three machines, just about everything is reported as malware.

For the moment have disable running when Windows starts.

I suppose we will have to wait for the next update, which I hope is soon.

Is there any way of reporting this?

Share this post


Link to post
Share on other sites

Same problem here (Win SP SP3). I had to turn off the protection module as almost everything program was reported as having Trojan.Vundo.

A quick scan reveils nothing:

Malwarebytes' Anti-Malware 1.31

Database version: 1469

Windows 5.1.2600 Service Pack 3

7/12/2008 14:26:49

mbam-log-2008-12-07 (14-26-49).txt

Scan type: Quick Scan

Objects scanned: 62286

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

And the "ignore list" is completely empty.

Share this post


Link to post
Share on other sites

Ditto with Trojan.Vundo. Definitely a bug with the last update. I am getting the same thing with legitimate files being detected as this trojan. I am sure they will fix this ASAP.

Same problem here (Win SP SP3). I had to turn off the protection module as almost everything program was reported as having Trojan.Vundo.

A quick scan reveils nothing:

Malwarebytes' Anti-Malware 1.31

Database version: 1469

Windows 5.1.2600 Service Pack 3

7/12/2008 14:26:49

mbam-log-2008-12-07 (14-26-49).txt

Scan type: Quick Scan

Objects scanned: 62286

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

And the "ignore list" is completely empty.

Share this post


Link to post
Share on other sites

Same here ...MBAM messed up my system with last definition file.

Avast Pro boot time scan found nothing !!

MBAM realtime protection says all Avast system files are infected by vundo !!

A heavy fp i believe ... .

Switching of MBAM realtime protection was the last solution ....

Tevion

Share this post


Link to post
Share on other sites
I would post all the files hit by the update, but it would be over 100 and i don't have the time ^^

I think all he needs is one to figure it out, not sure though. He said in another thread that another update just rolled out that might have fixed it.

Share this post


Link to post
Share on other sites

By the way, just for info, i updated the program and now its doing the same but not showing {Trojen.Vundo} its showing {Trojen-Downloader} there are less Fp's now thou, im only getting 3

Share this post


Link to post
Share on other sites
There has been an update that might have helped , if not I need a copy of any file hit by protection .

The update didn't fix the false positives on the startup scanner. I would also post all the files hit by the update, but it would be over 100 and i don't have the time. Malwarebytes reports about everything on two PC's here as trojans and other malware.

It's ONLY the startup scanner who has this bug. If you run a quick or complete test with Malwarebytes, nothing is found. It reports both my PC's as clean.

It's something wrong with the resident module!

As I said, about everything are reportet as malware during startup! :)

Share this post


Link to post
Share on other sites
I need from anyone having this problem a copy of any file being detected .

new signature update (1470) did not help ... same messages again and blocking startup of programs like AVAST Antivirus.

see attached screenshot.

Tevion

post-3849-1228662850_thumb.png

post-3849-1228662850_thumb.png

Share this post


Link to post
Share on other sites

I can confirm there still are a lot of programs blocked as malware after updating to database version 1470.

I've written down some but there are still a lot more detected:

C\Program Files\Mozilla Firefox\firefox.exe

C\Program Files\Spyware Blaster\SQlite36B.dll

C\Program Files\Cyberlink\PowerDVD8\CLCR Engine 3.dll

C\WINDOWS\system32\avgrsstx.dll

C\Program Files\BILLP Studios\Winpatrol\patrolpro.dll

C\Program Files\Rogue Remover Pro\Rogue Remover Pro.exe

Also Online Armor, AVG8, Java, Groove, Open Office, Sandboxie, Thunderbird, are detected as Trojan.Downloader.

I'm meeting up with a friend now so I had to quit writing down everything but everything looks like the screen shots posted by the other members.

EDIT: a quick scan still comes op with nothing and there is absolutely nothing to find in the "ignore list".

Share this post


Link to post
Share on other sites
Guest

Hello Forum,

I am new here so please go easy on me.

- Why aren't I getting any of these false positives or warnings?

- My setup has some of the same programs mentioned in this thread.

I have not had any of the aforementioned warnings from MBAM today. My setup is:

- Windows Pro XP SP3

- Avast Pro 4.8.1296

- ZA Pro 8.059.000

- Firefox 3.0.4

- MBAM 1.31 (Just updated def file to 1470)

A quick scan with MBAM found nothing either.

Should I be worried?

Peter

Share this post


Link to post
Share on other sites
Guest

MBAM log for the developers.

Malwarebytes' Anti-Malware 1.31

Database version: 1471

Windows 5.1.2600 Service Pack 3

7/12/2008 4:51:08 PM

mbam-log-2008-12-07 (16-51-08).txt

Scan type: Quick Scan

Objects scanned: 47249

Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Share this post


Link to post
Share on other sites
I need a copy of ashAvast.exe please .

Also the next update might fix the other problem .

Update 1471 didn't help either. It's not only the startup modue that's faulty. This is what happend when I should open Paint Shop Pro X

Se attachment

post-6120-1228665100_thumb.jpg

post-6120-1228665100_thumb.jpg

Share this post


Link to post
Share on other sites

updated to 1471 and still lots of files are detected i have upload some of the file that are detect to uploadNET the files are firefox 3.1 beta 1 firefox.exe and the flash player 10 file FlashUtil10a.exe

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.