Jump to content

Is this a false positive?


ally73
 Share

Recommended Posts

Detected this the other day I think it is a false positive but thought I should make sure here.Here is the log.

25/06/2011 16:45:13

mbam-log-2011-06-25 (16-45-13).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 251570

Time elapsed: 56 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Toshiba\Webshops\Amazon\addtoolbarbutton.exe (Rogue.SystemSmartSecurity) -> Not selected for removal.

Link to post
Share on other sites

  • Staff

Navigate to the file from my computer (explorer)

right click the file and send to compressed.

there should be a file created in the folder with the same name with a .zip extension (will have a folder icon with a paperclip)

Reply to this post but use the FULL Editor.

underneath the text box will be a attachemnt.

Click attach a file and a window will popup.

navigate to the zip file created and click the file once and click save.

It should show attached in the full post window.

Link to post
Share on other sites

Navigate to the file from my computer (explorer)

right click the file and send to compressed.

there should be a file created in the folder with the same name with a .zip extension (will have a folder icon with a paperclip)

Reply to this post but use the FULL Editor.

underneath the text box will be a attachemnt.

Click attach a file and a window will popup.

navigate to the zip file created and click the file once and click save.

It should show attached in the full post window.

I can't find the file from explorer anywhere.Where should this file be within explorer as I have looked at everything and cant find it.

Link to post
Share on other sites

c:\Toshiba\Webshops\Amazon\addtoolbarbutton.exe

It may possibly be hidden..

Here is a link on showing hidden files

http://www.bleepingcomputer.com/tutorials/tutorial62.html

I still can't find the file anywhere.I think I actually quarantined and deleted it so is that why I can't find it.My pc has not showing any signs at all of this system smart security virus whatever it is.I am presuming the addtoolbarbutton thing from Amazon is the Amazon button on the vista sidebar.Do you think my system should be ok.Should I run another scan and see what it throughs up.Thankyou for your help

Link to post
Share on other sites

This was more than likely a false positive. You can unquaritine it and it will be in that location and submit it here as instructed and i will verify it for you.

I can't unquarantine it because as I said I deleted it altogether from quarantine.I done another scan after a reboot and nothing was detected.Thanks for your help.P.S,I hope I dont need your help again but if I do I hope I can find whatever infected file I have so I can upload.Does Malwarebytes not have the facility like other malware programs to upload the suspect file as soon as a scan has finished without having to try and locate it,zip it then upload it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.