Jump to content

Recommended Posts

Today I ran my daily quick scan on my desktop computer running WindowsXP Pro SP3. The MBAM database was 6352. To my astonishment, MBAM claimed to find three instances of Trojan.Agent malware, all having to do with the program USBSafelyRemove, which I have had on my computer for many months and which has not been flagged until now. I told MBAM to Remove (i.e., Quarantine) the malware. I then ran another scan, which was OK. I then ran MBAM (same database) on my Windows7 netbook, and it too reported the same three Trojan.Agent problems with USBSafelyRemove. I hadn't even used my netbook in more than a week. Scans done when I HAD used it came up clean. This made me think that perhaps MBAM's finding was a false positive.

In the instructions for reporting a false positive, it asks that one submits a developer's log. I followed the instructions for creating such a log, but the resulting log looked exactly like the regular logs. It had no more detailed information than what is in the regular log. I tried also with my netbook: same story.

Here's what the initial logfile report said:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6352

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/13/2011 1:11:08 PM

mbam-log-2011-04-13 (13-11-08).txt

Scan type: Quick scan

Objects scanned: 164791

Time elapsed: 9 minute(s), 4 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\program files\usb safely remove\usbsrservice.exe (Trojan.Agent) -> 328 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSafelyRemoveService (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\usb safely remove\usbsrservice.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Here's what I got when I tried to run mbam.exe /developer:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6352

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

4/13/2011 1:58:34 PM

mbam-log-2011-04-13 (13-58-34).txt

Scan type: Quick scan

Objects scanned: 164645

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

All of this is from my desktop computer. I'm not sure what to do, but I am somewhat skeptical about the Trojan.Agent findings on both computers, especially since daily scans on the desktop revealed no problems until today, and my netbook hadn't even been opened for more than a week.

Thanks for your help.

Link to post
Share on other sites

Well, I decided to send to Virus Total one of the files MBAM had flagged and quarantined. To my delight, NO security programs on Virus Total (0/42) found the file to be malware. That makes me more sure than ever that there's something wrong with MBAM database 6352 rather than with my files. I hope this gets fixed quickly.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.