Jump to content

Possible false Positive of Trojan.Agent


Idontknowme
 Share

Recommended Posts

I did a full scan on MBAB and then i got an infection (Trojan.Agent) in my E:\WINDOWS\Setup1.exe ( all my important system/program files go into my e drive).... and sumbit it to Virustotal.com where only one scanner found it suspicious:heres the - result of my log file on the scan... i really need to know if its indeed a false positive before i start doing anything

Malwarebytes' Anti-Malware 1.31

Database version: 1564

Windows 5.1.2600 Service Pack 2

12/28/2008 7:51:08 PM

mbam-log-2008-12-28 (19-51-04).txt

Scan type: Full Scan (E:\|)

Objects scanned: 89022

Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

E:\WINDOWS\Setup1.exe (Trojan.Agent) -> No action taken.

Link to post
Share on other sites

MBAM is aggressive against executables in odd locations and that is the case here . If you had named that folder installers or applications this FP would be avoided .

Add this to your ignore list to avoid future detections .

can please explain what u mean by "If you had named that folder installers or applications this FP would be avoided"... cause to honest i am a little confuse...

And thank you for help .. i will add it to my ignore list

Link to post
Share on other sites

  • Staff
can please explain what u mean by "If you had named that folder installers or applications this FP would be avoided"... cause to honest i am a little confuse...

And thank you for help .. i will add it to my ignore list

WINDOWS\Setup1.exe <- MBAM looks at that folder as a system folder because of its name and lets you get away with a lot less because of it .

If you customize a system in a way that replicates what the bad guys do you will get more false positives .

Link to post
Share on other sites

WINDOWS\Setup1.exe <- MBAM looks at that folder as a system folder because of its name and lets you get away with a lot less because of it .

If you customize a system in a way that replicates what the bad guys do you will get more false positives .

I'm running Win XP Home SP2 --- No Customization of the Windows Directory.

I have the same "False Posative". I should Point out that I'm pretty certain that this is a False Posative.

The File in question, is in the C:\WINDOWS Directory. It's File-name is Setup1.exe. and in it's Properties,

It's listed as a Microsoft File [Visual Basic 6.0 Setup Toolkit]. I put it in my Ignore List.

Ken: :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.