
Possible false Positive of Trojan.Agent


Idontknowme


I did a full scan on MBAM and then I got an infection (Trojan.Agent) in my E:\WINDOWS\Setup1.exe (all my important system/program files go into my E drive)... and submitted it to Virustotal.com, where only one scanner found it suspicious. Here's the result of my log file on the scan... I really need to know if it's indeed a false positive before I start doing anything.

Malwarebytes' Anti-Malware 1.31

Database version: 1564

Windows 5.1.2600 Service Pack 2

12/28/2008 7:51:08 PM

mbam-log-2008-12-28 (19-51-04).txt

Scan type: Full Scan (E:\|)

Objects scanned: 89022

Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

E:\WINDOWS\Setup1.exe (Trojan.Agent) -> No action taken.


MBAM is aggressive against executables in odd locations and that is the case here. If you had named that folder installers or applications this FP would be avoided.

Add this to your ignore list to avoid future detections.

> MBAM is aggressive against executables in odd locations and that is the case here. If you had named that folder installers or applications this FP would be avoided.
>
> Add this to your ignore list to avoid future detections.

Can you please explain what you mean by "If you had named that folder installers or applications this FP would be avoided"... because to be honest I am a little confused...

And thank you for the help... I will add it to my ignore list.

> Can you please explain what you mean by "If you had named that folder installers or applications this FP would be avoided"... because to be honest I am a little confused...
>
> And thank you for the help... I will add it to my ignore list.

So I will know how to avoid this kind of FP in the future.

> Can you please explain what you mean by "If you had named that folder installers or applications this FP would be avoided"... because to be honest I am a little confused...
>
> And thank you for the help... I will add it to my ignore list.

WINDOWS\Setup1.exe <- MBAM looks at that folder as a system folder because of its name and lets you get away with a lot less because of it.

If you customize a system in a way that replicates what the bad guys do you will get more false positives.

> WINDOWS\Setup1.exe <- MBAM looks at that folder as a system folder because of its name and lets you get away with a lot less because of it.
>
> If you customize a system in a way that replicates what the bad guys do you will get more false positives.

I'm running Win XP Home SP2 --- No Customization of the Windows Directory.

I have the same "False Positive". I should point out that I'm pretty certain that this is a False Positive.

The File in question is in the C:\WINDOWS Directory. Its File-name is Setup1.exe, and in its Properties it's listed as a Microsoft File [Visual Basic 6.0 Setup Toolkit]. I put it in my Ignore List.

Ken: :)


Archived

This topic is now archived and is closed to further replies.
