MBAM reporting Agnitum Outpost Firewall Pro as Trojan


ottchris

In the last hour or so MBAM has decided that various Agnitum Outpost Firewall Pro modules are Trojan agents. Unable to get MBAM to run in developer mode at the moment; at least, logs after a single file scan do not appear to be 'verbose'. Here's one log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8017

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

25/10/2011 17:57:27

mbam-log-2011-10-25 (17-56-04).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\Agnitum\outpost firewall pro\wl_hook64.dll (Trojan.Agent) -> No action taken.

End Quote

Other files reported (in piecemeal fashion) include wl_hook.dll, log_converter.dll, SAND.OFP etc.

[Stop Press]

New database has just downloaded and the flash scan reported:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8018

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

25/10/2011 18:32:10

mbam-log-2011-10-25 (18-32-01).txt

Scan type: Flash scan

Objects scanned: 204007

Time elapsed: 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acssrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) Good: () -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Trojan.Agent) -> No action taken.

c:\program files\Agnitum\outpost firewall pro\acs.exe (Trojan.Agent) -> No action taken.

A precursor to all this was the machine failing to wake up from sleep mode (had to force reboot). All the above followed the reboot but no other obvious problems. Gut feeling is the forced reboot caused some data corruption. Anyone else having Outpost Pro false positives? i.e. hoping it's not data corruption!!

Regards to All,

Chris


Thank you for reporting this. It shall be fixed in our next update.

Confirm no Outpost Firewall FPs with Database version 8019 so problem resolved. Many Thanks. Apologies for missing attachments in *my* reply (thanks to other poster for correctly attaching files). I did attach but did not realize the post went without attachment. I will double check next time.

Regards to all,

Chris
