Two possible false positives


After I did a full scan last night, MBAM told me the exe file for the game Still Life, which has been on my hard drive since 2005, was infected with Malware.Gen.

I ran this file through Avast Anti-Virus and it was pronounced clean.

I had intended to post about this being a possible false positive last night. I had quarantined the file, but before running the required scan in developer mode I restored the file to where it had originally been.

Unfortunately, I forgot to restart my computer before I ran the developer mode scan, which I understand is necessary to complete the process when files are taken out of quarantine and restored. I didn't realize this until the second scan had finished.

Each scan takes approx. 2.5 hours to complete. I'd already spent 5 hours scanning, it was late, and I just wasn't up for running another one. Instead, I uninstalled/reinstalled Still Life. I played a bit of it to be sure it worked. Everything seemed fine.

I decided to run another full scan this morning after updating (which I do prior to every scan). I was once again informed that the same StillLife.exe file, which I had just uninstalled/reinstalled hours before, was infected with Malware.Gen. However, a second file in my Still Life directory (in the DLL folder) was also shown as infected: mckinputblocks.dll.

When the above scan finished, I left MBAM open with the scan results displayed while I took care of some work that had come in. When I tried to close the program a couple of hours later so I could run another scan in developer mode to accompany my report of possible false positives, I received a message that a scan was currently in progress.

I have a screenshot of this message as well as a completed scan log if you'd care to see them. As no scan had been in progress, I closed the program.

I then ran another scan in developer mode. This time, four files were identified as being infected with Malware.Gen: the two I've already mentioned and two system restore files. FYI, I ran all four of these files through Avast Anti-Virus and they came back clean.

I tried to also scan the files individually with MBAM. I received a message that a scan was currently in progress. There was no scan in progress.

I decided to uninstall/reinstall Still Life again. First, I dumped all restore points in System Restore. After the uninstall, I dumped the one system checkpoint that had automatically generated after I removed all previous restore points.

After the reinstall, I *immediately* ran another scan in developer mode. I was *again* informed that both StillLife.exe and mckinputblocks.dll were infected with Malware.Gen.

I don't see how this could have been possible as the game's software had just placed the files on my hard drive. As far as I know, there's no way they could have become infected that fast.

I've taken no action regarding the purportedly infected files. I've left everything as it was when the scan completed.

I'm attaching a zip file containing the developer mode scan log as well as StillLife.exe and mckinputblocks.dll. I hope I've done things correctly. Thanks!

