Coronamaker

Possible False Positive inSSIDer


I downloaded inSSIDer 2 from MetaGeek: http : // www . metageek.net/products/inssider/

Software for identification of wireless networks.

Upon installation I get the following:

09:24:12 Bxxxx Sxxxxxx DETECTION C:\Documents and Settings\Bxxxxx Sxxxxx\Local Settings\temp\7ZipSfx.000\Bootstrap.exe Trojan.FakeMS.MGen

I did a UniExtract on the Installer package, and pulled out the BootStrap.exe file to run developer mode on.

Developer Mode scan shows:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6733

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/31/2011 10:56:31

mbam-log-2011-05-31 (10-56-25).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\bxxxxx sxxxxx\desktop\controlled test\inssider-installer-2.0.7.0126\bootstrap.exe (Trojan.FakeMS.MGen) -> No action taken. [80cd54c6e21ee8188fe0adde35cbd52b]

BootStrap.zip attached.


Hi Coronamaker,

Thank you for taking the time to collect and report this data.

It will be fixed on the next update.


I realize this is a slightly older thread, but it's what the search found for me.

Just scanned my laptop and Malwarebytes detected every single bit of inSSIDer as malware!

I ignored all of them, but if this is what the topic was originally about, it hasn't been fixed!


Can you please post a developer scan. We need that to fix it. Instructions are stickied in this forum.

Not on a laptop today, but will scan and post next time I'm on one (tomorrow probably)

Thank you

@gerardwil

Was that a FULL scan you ran?

I had nothing found when doing a quick scan also. Never have figured out what sense it makes to do a quick scan or why that is even included?!


Can't edit above post, but just for an experiment, I installed inSSIDer on this desktop that does not have wireless and ran Mbam in developer mode.

Nothing detected, inSSIDer or otherwise.

Will DEFINITELY get on a laptop and try this though. Maybe even later this evening.


Just ran full scan on a different laptop than I was originally on when I replied, but Mbam found nothing on this one.

So, what's the difference between running Mbam regularly and running it from the run command using mbam.exe /developer?


Developer adds hashes to the detections so we can figure out which definition is hitting the file.

Thanks for that quick explanation!

Just for kicks, I just ran a regular quick and full scan. Nothing found.

Not positive if I may have had an older version of inSSIDer installed on other laptop or not. Will DEFINITELY get on that laptop next, either this evening or tomorrow morning, and re-scan.

Thanks again :)
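For triaging a report like the one in this thread, the following added example (not part of the original posts and not Malwarebytes code) parses detection lines from a scan log and separates those carrying the developer-mode hash from those that still need a `mbam.exe /developer` rescan. The line layout is assumed from the single detection line quoted in the first post; the second sample line, the placeholder detection name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The first detection line is the one quoted in this
# thread; the second is made up to show a normal-mode line with no hash.
SAMPLE_LOG = r"""
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\bxxxxx sxxxxx\desktop\controlled test\inssider-installer-2.0.7.0126\bootstrap.exe (Trojan.FakeMS.MGen) -> No action taken. [80cd54c6e21ee8188fe0adde35cbd52b]
c:\program files (x86)\example\tool.exe (Example.Placeholder.Name) -> No action taken.
"""

# Assumed layout: <path> (<detection name>) -> <action>. [<32 hex chars>]
# The bracketed value only appears in developer-mode logs.
DETECTION = re.compile(
    r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>[^\[]+?)\.?"
    r"(?: \[(?P<tag>[0-9a-fA-F]{32})\])?\s*$"
)

def parse_detections(log_text):
    """Return one dict per detection line; counters and empty sections are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def triage(hits):
    """Group hashes by detection name; list paths that lack a hash."""
    by_name = defaultdict(set)
    needs_rescan = []
    for h in hits:
        if h["tag"]:
            by_name[h["name"]].add(h["tag"].lower())
        else:
            needs_rescan.append(h["path"])
    return dict(by_name), needs_rescan

if __name__ == "__main__":
    tagged, untagged = triage(parse_detections(SAMPLE_LOG))
    for name, tags in tagged.items():
        print(name, sorted(tags))
    print("rescan with mbam.exe /developer:", untagged)
```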


Hmm? Interesting.

That WAS on a wireless laptop connected wirelessly, correct?

Yes, wireless and connected using XP Prof.


Here we go. On the laptop that I originally had this issue on, and still do!

FWIW,

I didn't update Mbam before I ran this scan but it had been updated just before running it when I originally posted, so if issue was fixed in very next release, it shouldn't show up next time.

mbam-log-2011-12-25 (05-47-20).txt



Oops!

Zip format

Really need an edit button here ;)

Hope this is how you wanted the file saved?

mbam-log-2011-12-25 (05-47-20).zip


How did this get broke again as this topic was created clear back on May 31st? Why isn't Mbam detecting anything on the second laptop or the desktop I installed inSSIDer on, for kicks?

Have 2 other laptops I need to check this out on. Will do one either a little later tonight or first thing tomorrow morning.

Thanks Shadowwar


It wasn't the same def that hit as before and has more to do with the custom install of the mismatched folder you installed it in and heuristics. We adjusted the def so that one should not hit any longer.


Thought that's what you meant by "We adjusted the def so that one should not hit any longer."

Have one more laptop to test that fix on and will do so as soon as I finish getting everything on it updated.


OK. I am considering this issue solved then as I just ran a full scan on this laptop in which Mbam HAD alerted to inSSIDer on before.

No issues.

Thank you
