16 replies to this topic

[lordpake]

Seems there's f/p in ClamAV database regarding certain file belonging to MBAM.

Quote

C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe: Joke.FakeInfect FOUND

(At least) I have reported this to them.

[RubbeR DuckY]

Thanks for reporting it! Let me know when they have fixed it .

[lordpake]

Will do I have no idea have fast (or slow) those guys are correcting f/p's ...

[S3v3n]

Mcafee Enterprise is also showing mbam-dor.exe to be infected with Generic.dx Trojan

[Killavirus.:LLS:.]

S3v3n, on Oct 4 2008, 05:32 PM, said:

Mcafee Enterprise is also showing mbam-dor.exe to be infected with Generic.dx Trojan

is somebody else reporting mcafee enterprise or shall i ???

*edit nm done it

[DaChew]

http://forums.mcafeehelp.com/showthread.ph...3608#post533608

[Rainbow1112]

Fortinet is now detecting this file as a PossibleThreat

http://www.virustotal.com/analisis/21c6c05...8325204f604af2b

[lordpake]

Rainbow1112, on Oct 6 2008, 09:46 PM, said:

Fortinet is now detecting this file as a PossibleThreat

I reported that one to them (or so I hope).

[JeanInMontana]

All seems a bit too coincidental.

[lordpake]

Got a reply from Fortinet. They have removed the detection. And running the file throug VT confirms this http://www.virustotal.com/analisis/a551202...b6899e29f49b527

[Raid]

lordpake, on Oct 7 2008, 03:56 AM, said:

Got a reply from Fortinet. They have removed the detection. And running the file throug VT confirms this http://www.virustotal.com/analisis/a551202...b6899e29f49b527

Welcome to the world of cutthroat Antivirus.

Basically, when one major player decides to detect something, the others tend to follow suit until/unless it's brought to their attention that the suspect file isn't bad at all. The only recourse for the user is to wait for their av to fix the issue, or switch to another av. Neither of which is what I would call, excellent as your at the avers mercy at that point.

[lordpake]

Quote

ClamAV update process started at Thu Oct 16 12:40:03 2008
main.cld is up to date (version: 48, sigs: 399264, f-level: 35, builder: sven)
daily.cld is up to date (version: 8433, sigs: 48055, f-level: 35, builder: guitar)

2 weeks has passed. False positive detection involving mbam-dor.exe remains.


They obviously place high priority on fixing false positives Lucky for us MBAM users Clam-derivates enjoy such widespread usage in the Windows world

[lordpake]

Fixed. Either that or the file has changed

http://www.virustotal.com/analisis/9308c90...d0257fb8731bdfd (0/36 detection)

[RubbeR DuckY]

Nice, thanks .

[leofelix]

Real time protection of Kasperky Internet Security 2009 detects MBAM 1.30 setup file as "Trojan.Generic", It's a false positive, I know.
I could install MBAM anyway

[lordpake]

(I just had to resurrect this thread )

Ah! The ultimate in irony

I did a memory scan with ClamWin, witness the shocking result:

Quote

D:\Program Files\ClamWinPortable\ClamWinPortable.exe: Trojan.Agent-65355 FOUND

Seems it happens even to the best of us.

[Mad Dog Vee]

I'm glad you did. That has me ROFL