J. L.

Trojan.MSIL.SD - False Positive


There is no scan log, because it was detected on-execution, not during scanning.

Here is the attached file. Please fix soon.


Why can't I edit my thread post?

Also, you should really just attach the file without having to click another button, especially after clicking post.

CCEnhancer.zip


Hi Mbytes,

Got a threat detection on cdbxpp.exe when conducting a full scan. Have used this software before with no problems and have also scanned the file with Microsoft Security Essentials, which shows a clean file.

Please advise

Cheers

mbam-log-2011-04-19 (12-59-29).rar


Hello,

First time poster, so I'm not entirely familiar with the MBAM culture, so please forgive me if I'm making a mistake here (I'm sleep deprived right now, as it's ~2 AM where I'm at).

2011-04-07, I ran a full MBAM scan and had nothing infected.

Yesterday (really, all but a few hours ago), I ran MBAM and had cdbxpp.exe flagged as infected.

Now there are two variables I'm having to consider:

  1. I Updated MBAM Prior to Running the Scan
  2. I Went to ubuntugeek.com

The first is self-explanatory, but the second is where I'm concerned.

Here are two links that have me disconcerted. The second one was a URL scan I submitted after reading a couple posts that referenced virustotal.com being an integral tool for diagnosing possible malware.

It was after I visited ubuntugeek.com that I decided to run MBAM. The thing was, I'm pretty sure everything would have been fine had I just left it alone when browsing w/Chrome, but I had to get adventurous. I decided I'd see if the same warning page from Google would pop-up when running Firefox 4. Well, it didn't. I didn't navigate to any links or stay on for very long in Firefox, but feeling a little paranoid, I ran a full scan with KIS 2010 after updating it. No infections found. Following that, I updated MBAM, ran a full scan and CDBurnerXP was flagged. Under the "Vendor" column there was "Trojan.MSIL.SD", with "C:\Program Files\CDBurnerXP\cdbxpp.exe" referenced as the "Item"; I right clicked it and went to "Vendor Information". This is the link I was routed to: http://www.malwarebytes.org/malwarenet.php?name=Trojan.MSIL.SD. As you can see, the message I received was "This entry no longer exists. Please contact our support team about this problem."

I decided to do a Google search and found this on the MBAM Forums, so that's why I thought this might also be a False Positive with the new update, which I would have been fine with, had it not been for xivee.com (ubuntugeek.com - make no mistake, I'm not blaming ubuntugeek, I realize it's xivee.com that's the problem URL/URI). So, still feeling uncertain, I ran an MD5Sum Hash against the cdbxpp.exe and got this:

0373ba18fd585e102ce6af9d7e5ed152

With this, I ran a query against VirusTotal and got this result: http://www.virustotal.com/file-scan/report.html?id=0e274ea5e7908fcfde94337e2095e0c6ad7e4d0c7eb703ebb99f12b066149906-1302273251. Other than the Anonymous comment flagging it for malware, there's no indication that it is; unfortunately, MD5 can be subverted quite easily, so I'm not entirely put at ease with this either. An hour or so ago, Kaspersky had another update, so I scanned "cdbxpp.exe" again and still had no malware issue; compared it to another MBAM scan and still had it recognized as malware (specifically targeted only "cdbxpp.exe" in both instances). Of course, that was me being naively hopeful, but I figured it was worth a shot.

FYI, I've had CDBurnerXP since Tuesday, November 9, 2010. Downloaded from CNET, since all the downloads I've had from there have been safe, in my experience.

Attached are both log files showing the difference in results (EDIT: couldn't upload earlier due to "forums.malwarebytes.org Driver Error". Tried to use "advanced uploader", but that didn't work either, database issue being cited as cause).

Apologies for the long-winded post; just wanted to make sure that I was thorough in helping you diagnose the issue (there'd be a lot less reason to worry if I had just used Ubuntu to go to that site in the first place, doh!).

mbam-log-2011-04-07 (19-55-47).txt

mbam-log-2011-04-19 (00-23-32).txt


Title says it all, really.

Here's one such file.

Looking at some of the other posts it seems that MSIL.sd is being detected in a lot of programs.

Textwriters.zip


Apologies. This is a false positive which shall be fixed in our next update.


To better keep track, I have merged all the topics here.

Ok, so I'm not the only one with the same error; so I guess I'm being overly paranoid about the possible "Drive-By Download" from xivee.com?

I know MBAM support isn't really meant to address this kind of issue, but if anybody has any personal experience they'd like to share, I'd really appreciate it.

Sorry, it's just that I've never been infected on my personal box, especially since I take extra care to make sure I'm secure. Well, there's that and the fact that Andy Grove has helped to fortify my pessimistic imagination =P.


Hello, please update to database version: 6396

Please let us know if we're still picking up those files.


Hello, please update to database version: 6396

Please let us know if we're still picking up those files.

This seems to have fixed my problem - I was about to report iPhoneBrowser being reported as Trojan.MSIL.SD too, however the update fixed it.


seagate seatools detected as Trojan.MSIL.SD

Hello, this was fixed earlier. Please update mbam and scan again.


Also found in spellcheck anywhere

All OK after defs update. Thanks


I got two of the Trojan.MSIL.SD. Here are the attached files.

They're from a game I installed on my slave drive and I've been using them for 4 months, so I can't see how this happens and how it just showed up now.

Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6395

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

19/04/2011 12:32:39

mbam-log-2011-04-19 (12-32-31).txt

Scan type: Full scan (C:\|E:\|G:\|)

Objects scanned: 456075

Time elapsed: 2 hour(s), 35 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

e:\installedgames\dragon age\dao-modmanager.exe (Trojan.MSIL.SD) -> No action taken.

e:\installedgames\dragon age\propertygridex.dll (Trojan.MSIL.SD) -> No action taken.

Dragon Age questionable files.rar

Database version: 6395

Hello, you're using an older database. Please update and rescan.
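
The check behind this reply, as an added example that is not part of the original thread or any Malwarebytes tooling: parse a log in the format posted above, read the database version, and separate `Trojan.MSIL.SD` hits made with a database older than 6396 (update and rescan) from hits that persist on a current database (report and investigate). The function names and verdict strings are assumptions; the sample is abbreviated from the log in the thread.

```python
import re

FIXED_DB = 6396              # database version the staff replies ask users to update to
FP_NAME = "Trojan.MSIL.SD"   # detection name reported as a false positive in this thread

DB_RE = re.compile(r"^Database version:\s*(\d+)")
# "<path> (<detection name>) -> <action>." ; the path itself may contain parentheses
HIT_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (database_version or None, list of detections with their section)."""
    db, section, hits = None, None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := DB_RE.match(line):
            db = int(m.group(1))
        elif line.endswith(" Infected:"):      # detail header; summary lines end in a count
            section = line[: -len(" Infected:")]
        elif section and (m := HIT_RE.match(line)):
            hits.append({"section": section, **m.groupdict()})
    return db, hits

def triage(text):
    """Map each detected path to the next step the thread's staff replies imply."""
    db, hits = parse_mbam_log(text)
    out = {}
    for h in hits:
        # Only a known-FP name seen with a pre-fix database is treated as stale.
        stale = h["name"] == FP_NAME and db is not None and db < FIXED_DB
        out[h["path"]] = "update-and-rescan" if stale else "still-detected: report/investigate"
    return out

# Abbreviated from the log posted above (sections with no detections trimmed).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6395
Files Infected: 2
Registry Keys Infected:
(No malicious items detected)
Files Infected:
e:\installedgames\dragon age\dao-modmanager.exe (Trojan.MSIL.SD) -> No action taken.
e:\installedgames\dragon age\propertygridex.dll (Trojan.MSIL.SD) -> No action taken.
"""

if __name__ == "__main__":
    for path, step in triage(SAMPLE_LOG).items():
        print(f"{step:20} {path}")
```

A log with no `Database version:` line, or a hit under any other detection name, falls through to the investigate branch rather than being assumed benign.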


OK, just did a scan of just those 2 files and now they're clean. I wasn't sure before so I just ignored them; when I updated to 6397 I then un-ignored them, I scanned them and they're now clean... odd.


Full scan found nothing yesterday, then I got an execution alert on bosonserialization.dll at some point during the night. Scanned the file with Norton and found nothing.

Came up as Trojan.MSIL.SD, file attached (hope I did this right - just purchased the software and my first post).

Bosonserializationdll.zip

Full scan found nothing yesterday, then I got an execution alert on bosonserialization.dll at some point during the night.

Hello, please update and rescan with mbam again.

This topic is now closed to further replies.
