Trojan in SoftwareDistribution, or false?


Hello, I ran a scan of my system using the free Malwarebytes and a file popped up. I couldn't find anything about it, so I didn't delete it. Here is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 7895

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/10/2011 21:45:29

mbam-log-2011-10-12 (21-45-29).txt

Scan type: Full scan (C:\|)

Objects scanned: 400598

Time elapsed: 1 hour(s), 15 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\SoftwareDistribution\Download\940152402a4a8a9bb7befb47c574cbc8c4a42981 (Trojan.Agent) -> Not selected for removal.

The first is, I think, because I have Norton running. But the second file in the WINDOWS\SoftwareDistribution is an odd one. Is it a false positive? It just looks like the usual Windows update file.

Thanks!

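Added example (not part of the original thread and not Malwarebytes code): a small Python parser for the detection lines of the Malwarebytes' Anti-Malware 1.x log shown in the first post, separating PUM settings detections from file detections and flagging items that sit in the Windows Update download cache. The regular expressions, field names and triage notes are assumptions based only on the lines visible in that log; a matching path does not show that a file is benign.

```python
import re
from typing import NamedTuple

# Constructed sample: detection lines copied from the log in the first post.
SAMPLE_LOG = r"""
Files Infected: 1
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
Files Infected:
C:\WINDOWS\SoftwareDistribution\Download\940152402a4a8a9bb7befb47c574cbc8c4a42981 (Trojan.Agent) -> Not selected for removal.
"""

class Detection(NamedTuple):
    section: str
    item: str
    name: str
    action: str
    note: str

# Assumed patterns, derived only from the lines visible in the posted log.
SECTION = re.compile(r"^(.+) Infected:$")  # detail header; summary lines end in a count
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
WU_CACHE = re.compile(r"\\SoftwareDistribution\\Download\\[0-9a-f]{40}$", re.I)

def triage(name, item):
    if name.startswith("PUM."):
        return "settings modification; check which installed program set this value"
    if WU_CACHE.search(item):
        return "Windows Update download cache path; submit the file for false-positive review"
    return "unclassified; needs expert review"

def parse_mbam_log(text):
    section, found = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if m and section:
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            found.append(Detection(section, m.group("item"), m.group("name"), action,
                                   triage(m.group("name"), m.group("item"))))
    return found

if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_LOG):
        print(f"[{d.section}] {d.name}: {d.item}\n    action={d.action}; {d.note}")
```
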

Hi, EricG:

Welcome to MBAM.

I'm just a home user, so I'm not qualified to interpret scan logs, but yes, that first item can be just a "detection" typical of the AV programs that integrate with and turn off notifications of the Windows Security Center. (If you search the forums here, you'll find many a thread about this particular "issue".)

As for the other detection, we'll definitely need to wait for someone more expert to evaluate it.

Normally, we cannot/do not review scan logs for malware here in the General MBAM forum; this is normally handled only in the Malware Removal forum, where qualified experts can assist with detection and cleaning.

And there is another subforum for posting suspected "false positive" detections here.

I expect a more expert member or MBAM staffer will be able to scan your posted log and refer you to the appropriate board, if need be.

In the latter case, please be sure to read the "sticky" topics pinned to the top of each forum before you post there.

Thanks for your patience,

daledoc1


Thanks Daledoc1 for the warm welcome.

Shadowwar,

I am unable to update my Malwarebytes. I've seen all of the posts about this problem and have tried to fix it myself, but it simply won't work. I upgrade manually, and I know that is always old, but I don't know how to upgrade to 1.51 as, I believe, if I download the product from scratch it will try to upgrade automatically, which won't work on my computer.

Do you believe it is a false positive? You seem to assume it is.


EricG, I am not sure if you mean you cannot update using the update from Malwarebytes or if you tried downloading the new version and had issues. That being said, the instructions below will help you install the latest version.

Please do the following:


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here

    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.


  • Staff

Well, it's very important that you update. The older versions will be severely limited in detecting the newest threats. Please follow firefox's instructions on getting updated to see if the newer version filters out the false positive. There were a lot of changes made to the whitelist and definitions, so this may not even be detected in the latest version.

Also, please go ahead and upload the file to the false positive forum as instructed, and it will be checked from here.

