
NOT a false positive, or is it?


echinacea


Hello everyone,

I have been getting infections of a MASM32 SDK installation.

I tried downloading a new copy ( http://www.masm32au.com/masm32/m32v10r.zip ), and that installed with the blocking of Suspicious.Cloud.5 by Norton Internet Security after the archive was extracted.

After installation qeditor.exe (the MASM32 IDE) wouldn't launch, but after a reboot ran without issues.

After MASM32 has been installed for a while, however, Malwarebytes detected and at my discretion quarantined qeditor.exe due to TROJAN.DROPPER.PGEN being detected.

Since this wasn't detected to start with I am beginning to suspect that there is a hidden malware somewhere on my system which is not being detected by McAfee, Norton Internet Security (which coexists with McAfee), or Malwarebytes, which later infects the MASM32 installation. This is less likely to me than the actual install file being contaminated.

This has been the case for a couple of weeks at least.

The reason I have posted this with the topic NOT a false positive is because the MASM32 site explicitly states that their SDK is clean (is built in a clean environment) and MASM32 and ASM related software often generate false positives. After Malwarebytes detects TROJAN.DROPPER.PGEN, if I scan the drive MASM32 is installed on, several other different infections are detected as well.

I will try downloading the package again and scan it even if nothing is detected during the install and report the findings.


This will be fixed in the next update.

OK I need to make this clear: after the trojan is detected, when I scan the drive MASM32 is installed in several other malwares are detected, also in the MASM32 installation directory. So there is definitely a strong indication of some malware activity (it's disconcerting!!). Are you suggesting that all of these, in addition to the TROJAN.DROPPER.PGEN which is detected in qeditor.exe, are also false positives:

Malware.Packer (calendar.exe)

Trojan.Downloader (simple.exe)

Malware.Packer (tests.exe)

Spyware.Passwords (qeplugin.dll)

Trojan.Downloader (regdemo.exe)

Trojan.Downloader (vcrtdemo.exe) ?

I'm not inclined to run the editor until I have heard back from you about these: I try pretty hard to keep this system clean and I'm playing on the safe side. But it is holding me up (I am trying to do some work!) so if you can clarify with certainty about these detections I would be most grateful. I have tried with a different download link to the one I posted, http://website.assemblercode.com/masm32/m32v10r.zip but have experienced an identical reaction from Malwarebytes. If they do turn out to be false positives I will be impressed anyway because it indicates how cautious Malwarebytes is. Thank you for your attention.
