After the latest update, both the x86 and x64 versions of ctrpp.exe are being flagged as Trojan.FakeMS. Are these files safe, or should they be quarantined? Attached are the files in question.

Mbam Log:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6777

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/5/2011 5:49:54 PM

mbam-log-2011-06-05 (17-49-40).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)

Objects scanned: 341308

Time elapsed: 26 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files (x86)\microsoft sdks\Windows\v7.0A\Bin\ctrpp.exe (Trojan.FakeMS) -> No action taken. [b3c6ad6d0ef2c040e65ec9d4ab55649c]

c:\program files (x86)\microsoft sdks\Windows\v7.0A\Bin\x64\ctrpp.exe (Trojan.FakeMS) -> No action taken. [7ffa5cbede2221dfe064c2db2bd59868]

ctrpp.zip


From Microsoft SDK?

File name: ctrpp.exe

Submission date: 2011-06-05 22:03:01 (UTC)

Result: 0/ 43 (0.0%)

MD5 : 39b94ea30633fedb92aa0ba960dcaac0

SHA1 : 1eff950042ea9b3f75ea123179ac5772cb373f91

SHA256: 406f512d82442819587415ba1b45def42bf64e963651a2793a3f768ee8eae6ee

http://www.virustotal.com/file-scan/report.html?id=406f512d82442819587415ba1b45def42bf64e963651a2793a3f768ee8eae6ee-1307311381

===

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6776

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/5/2011 5:52:17 PM

mbam-log-2011-06-05 (17-52-17).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 292458

Time elapsed: 2 hour(s), 41 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\wildman424\my documents\visual studio 2010\microsoft sdk\Tools\Bin\ctrpp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

====

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6779

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/5/2011 7:24:51 PM

mbam-log-2011-06-05 (19-24-51).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\wildman424\my documents\visual studio 2010\microsoft sdk\Tools\Bin\ctrpp.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. [94e773a76d933cc4ae94b7e69070ab55]


I updated to database version 6790 and it's still identifying this file as Trojan.FakeMS. I have attached the file in question and have checked the Digital Signature; nothing seems wrong with the file.
