
Trojan.MSIL.SD - False Positive



I got these this morning on my scheduled scan with Malwarebytes Pro....

All programs I have been using for a long time with no trouble...

They all had to do with the following programs:

1---WINBUBBLE

2---CD BURNER XP

3---INFO BAR

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinBubble (Trojan.MSIL.SD) -> Quarantined and deleted successfully.

Files Infected:

c:\program files\common files\System\uninstall.exe (Trojan.MSIL.SD) -> Quarantined and deleted successfully.

Link to post

Either it's still giving out the same false positive, or I really have the trojan. Just got the detection this morning after a scan overnight. The file is attached (ArmoryDataTool.exe). Is it real? Have not used the program in a few weeks, and have not detected a trojan running on my box. Quarantining the file, in any case, until I hear back from you.

Thanks.

ArmoryDataTool.zip

Link to post

Updated KIS 2010 and ran a full scan; clean just like previously.

Updated to MBAM Database Version 6400, scanned "cdbxpp.exe" specifically and got a clean slate.

Performed a full scan and got clean results across the board.

Thanks a bunch!

Link to post

I noticed these messages in the protection log. I've attached both the protection log and the mbam log. A concern that I have is I don't recall being on the system at these times.

00:30:02 (null) DETECTION C:\PROGRAM FILES (X86)\HOWTO-OUTLOOK\OUTLOOKTOOLS 2\OUTLOOKTOOLS.EXE Trojan.MSIL.SD DENY

00:30:07 (null) DETECTION C:\Program Files (x86)\HowTo-Outlook\OutlookTools 2\OutlookTools.exe Trojan.MSIL.SD DENY

02:00:02 (null) ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:15:00 (null) MESSAGE Scheduled scan executed successfully

02:53:39 (null) DETECTION C:\PROGRAM FILES (X86)\HOWTO-OUTLOOK\OUTLOOKTOOLS 2\OUTLOOKTOOLS.EXE Trojan.MSIL.SD DENY

02:53:46 (null) DETECTION C:\Program Files (x86)\HowTo-Outlook\OutlookTools 2\OutlookTools.exe Trojan.MSIL.SD DENY

07:06:58 Carol MESSAGE Protection started successfully

07:07:02 Carol MESSAGE IP Protection started successfully

18:04:46 William MESSAGE Protection started successfully

18:04:49 William MESSAGE IP Protection started successfully

18:35:29 William MESSAGE Protection started successfully

18:35:33 William MESSAGE IP Protection started successfully

19:01:43 Carol MESSAGE Protection started successfully

19:01:47 Carol MESSAGE IP Protection started successfully

19:16:11 Carol MESSAGE Protection started successfully

19:16:15 Carol MESSAGE IP Protection started successfully

protection-log-2011-04-20.txt

mbam-log-2011-04-20 (02-26-28).txt

Link to post
  • 1 year later...

MBAM snagged Trojan.MSIL three times today as I attempted to install foobar2000. I'm using MBAM Pro with a DB version of v2013.04.19.07. Latest update done today at 2:21:58 PM.

Is there a difference in DB versions for free and pro versions of MBAM?

I gather from reading the postings that this problem has been fixed.

Do I ignore the malware and restore it?

I'm a nooby to this forum. Please bear with me.

Link to post
  • 1 month later...
Guest
This topic is now closed to further replies.