J. L.

Trojan.MSIL.SD - False Positive


I got these this morning on my scheduled scan with Malwarebytes Pro....

All programs I have been using for a long time with no trouble...

They all had to do with the following programs:

1. WINBUBBLE
2. CD BURNER XP
3. INFO BAR

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBubble (Trojan.MSIL.SD) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\common files\System\uninstall.exe (Trojan.MSIL.SD) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\common files\System\uninstall.exe (Trojan.MSIL.SD) -> Quarantined and deleted successfully.

Hello, please deQuarantine the file. Then update mbam and rescan again.


I did all that.

I didn't know about the problem until after I visited this forum..

The program didn't update automatically this morning before I got the warnings..

Thanks


Either it's still giving out the same false positive, or I really have the trojan. Just got the detection this morning after a scan overnight. The file is attached (ArmoryDataTool.exe). Is it real? Have not used the program in a few weeks, and have not detected a trojan running on my box. Quarantining the file, in any case, until I hear back from you.

Thanks.

ArmoryDataTool.zip


Hello, I scanned the file 'ArmoryDataTool.exe' with latest mbam database: 6399 and it wasn't detected. Which database version are you currently on?


I am also receiving false positives. I scan and update my computer twice per day. After the last update 68 files were found in trusted programs such as Microsoft Visual Studio .net. Please advise.

. After the last update 68 files were found in trusted programs such as Microsoft Visual Studio .net

MBAM would have created a log for this scan. Please post that.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6395

The latest database is 6399. Please update mbam and scan once more


Updated KIS 2010 and ran a full scan; clean just like previously.

Updated to MBAM Database Version 6400, scanned "cdbxpp.exe" specifically and got a clean slate.

Performed a full scan and got clean results across the board.

Thanks a bunch!


I noticed these messages in the protection log. I've attached both the protection log and the mbam log. A concern that I have is I don't recall being on the system at these times.

00:30:02 (null) DETECTION C:\PROGRAM FILES (X86)\HOWTO-OUTLOOK\OUTLOOKTOOLS 2\OUTLOOKTOOLS.EXE Trojan.MSIL.SD DENY

00:30:07 (null) DETECTION C:\Program Files (x86)\HowTo-Outlook\OutlookTools 2\OutlookTools.exe Trojan.MSIL.SD DENY

02:00:02 (null) ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:15:00 (null) MESSAGE Scheduled scan executed successfully

02:53:39 (null) DETECTION C:\PROGRAM FILES (X86)\HOWTO-OUTLOOK\OUTLOOKTOOLS 2\OUTLOOKTOOLS.EXE Trojan.MSIL.SD DENY

02:53:46 (null) DETECTION C:\Program Files (x86)\HowTo-Outlook\OutlookTools 2\OutlookTools.exe Trojan.MSIL.SD DENY

07:06:58 Carol MESSAGE Protection started successfully

07:07:02 Carol MESSAGE IP Protection started successfully

18:04:46 William MESSAGE Protection started successfully

18:04:49 William MESSAGE IP Protection started successfully

18:35:29 William MESSAGE Protection started successfully

18:35:33 William MESSAGE IP Protection started successfully

19:01:43 Carol MESSAGE Protection started successfully

19:01:47 Carol MESSAGE IP Protection started successfully

19:16:11 Carol MESSAGE Protection started successfully

19:16:15 Carol MESSAGE IP Protection started successfully

protection-log-2011-04-20.txt

mbam-log-2011-04-20 (02-26-28).txt


Greetings WGB,

This was fixed yesterday. They shouldn't appear in your future logs.


MBAM snagged Trojan.MSIL three times today as I attempted to install foobar2000. I'm using MBAM Pro with a DB version of v2013.04.19.07. Latest update done today at 2:21:58 PM.

Is there a difference in DB versions for free and pro versions of MBAM?

I gather from reading the postings that this problem has been fixed.

Do I ignore the malware and restore it?

I'm a nooby to this forum. Please bear with me.


@dareyou. Apologies for the false positive. It shall be fixed in the next update.


The attached file isn't detected. Have you updated to latest database? Currently at v2013.06.01.03
