Jump to content

TrueCrypt 6.2a


lemonbird
 Share

Recommended Posts

Hi guys,

after updating Malwarebytes' Anti-Malware, it found an "infected" file during a QuickScan, but I think it's a false positive because:

-Jotti online check found nothing

-other local scanners on my PC (MSE, VirusScan Enterprise, Spyware Terminator) don't find anything;

-the file has been there for ages and MA-M never said it infected before;

-MA-M does not find it infected if I scan it as an individual file from context menu.

Anyway, here is the QuickScan log, and I am going to upload the zipped file.

Thank you!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7354

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

02/08/2011 15.03.57

mbam-log-2011-08-02 (15-03-12)-truecrypt62a.txt

Scan type: Quick scan

Objects scanned: 242558

Time elapsed: 32 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\truecrypt setup 6.2a.exe (Trojan.Agent.Gen) -> No action taken.

Link to post
Share on other sites

I forgot

Jotti's result

http://virusscan.jotti.org/en/scanresult/e8e6a003244cf02ff209f046852b4e31f862f2a3/cec441caf493b33aa08a554e470cb04da0fab697

and the attachment with zipped file TrueCrypt Setup 6.2a.zip.

Also, the reason why M-AM did not find anything in the individual scan is that I put the file in the Ignore list. Now I removed it from the list and the program finds it infected again.

Link to post
Share on other sites

  • Staff

Is there a reason this is being executed from the root of this data folder? As this is a storage folder for other folders only and no executable file should ever be there MBAM does not let you get away with much at this location.

I can fix this for you but root location (locations where only other folders should be located) is not a good place to store/execute software.

Link to post
Share on other sites

Is there a reason this is being executed from the root of this data folder? As this is a storage folder for other folders only and no executable file should ever be there MBAM does not let you get away with much at this location.

I can fix this for you but root location (locations where only other folders should be located) is not a good place to store/execute software.

No reason. Actually I don't remember why on earth I put it there!

Anyway, I'd suggest that MBAM informed about the unusual location.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.