
Malwarebytes

DFDWiz.exe


41 replies to this topic

#1
almirsahbaz

    New Member

  • Members
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina
I just scanned my computer and malwarebytes reported this file as infected (Trojan.FakeAlert). This file wasn't modified since 2009 and I think this might be a false positive. I attached my scanning results and this file, so you can check it and fix this in next update.




#2
MartinOShea

    New Member

  • Members
  • 4 posts
Hello

I've also had Malwarebytes report this file:

C:\Windows\System32\DFDWiz.exe

As a (Trojan.FakeAlert). But the version of the file, on a Windows 7 laptop, is reported as last having been modified on 14 Jul 2009 @ 02 14 hrs.

The file's version is: 6.1.7600.16385. My version of Malwarebytes is 1.60.1 and the database version is v2012.05.17.06.

Can you tell me if this is a genuine issue or not?

Thanks

Martin O'Shea.

#3
Beenthere

    Regular Member

  • Honorary Members
  • 72 posts
It's definitely a FP, I got this as well and I have been completely clean for years now.

#4
almirsahbaz

    New Member

  • Members
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina
In my case, the file located in C:\Windows\System32\DFDWiz.exe is not reported as infected. Mine is located in C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe

#5
Moose1964

    New Member

  • Members
  • 3 posts
New Member, I just reviewed your mbam-log and it is almost identical to your log. I ran a full scan because my files and programs are opening up slow. Ran my avast internet security and no viruses found. Do you have any idea on why my programs and files are taking longer to open up? This just started today. Also I have attached my mbam-log for you to review.




#6
MartinOShea

    New Member

  • Members
  • 4 posts
For what it's worth, scans of file:

C:\Windows\System32\DFDWiz.exe

By Microsoft Security Essentials and Norton Internet Security with current definitions don't detect anything.

#7
MartinOShea

    New Member

  • Members
  • 4 posts
DFDWiz.exe is given a clean bill of health here:

https://www.virustot...d2f99/analysis/

#8
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
About to be fixed.
Bruce Harrison
Vice President of Research


#9
Moose1964

    New Member

  • Members
  • 3 posts

nosirrah, on 17 May 2012 - 03:28 PM, said:

About to be fixed.

nosirrah, is this something we should worry about?

#10
almirsahbaz

    New Member

  • Members
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina
Update just came out, and this is fixed. Thank you. :)

#11
MartinOShea

    New Member

  • Members
  • 4 posts
Running a scan here and everything seems fine. Thanks for the excellent service.

#12
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
Thanks for reporting back guys.
Bruce Harrison
Vice President of Research


#13
Moose1964

    New Member

  • Members
  • 3 posts
Thanks for the fix! Everything is back to normal on my end!

#14
WhitePhoenix

    New Member

  • Members
  • 7 posts
There's someone on the Malware Removal help forum that's reporting this. Since normal users aren't allowed to post in other users' topics, can one of the higher level members go into that topic and let the user know that their system is fine and this was a false positive? Maybe make some sort of sticky?

#15
turtledove

    Regular Member

  • Experts
  • 94 posts
  • Gender:Not Telling
  • Location:California
Thanks nosirrah, just ran dev mode and all 3 scan types after dequarantining the file when I got home. Also in normal flash scan. All is well since update 7 forward.

Thanks for all the work you do.

Kind Regards
Smile, It Will Get Better :)
Member of UNITE and ASAP

#16
skinny

    New Member

  • Members
  • 14 posts
I had this problem, the following 2 files were quarantined and show up on the quarantined page. After finding they were false positives I tried to restore them. The first one restores, the second will not and remains as quarantined. I am running Windows 7 with the latest corrections, the version of Malwarebytes is 1.61.0.1400, database v2012.05.18.01, fingerprints 326170

C:\Windows\System32\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\winsxs\x86_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_c50b5b3967029178\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

So how do I get the file back, apart from doing a windows restore and hoping it does it?

thanks

#17
ads_green

    New Member

  • Members
  • 2 posts

Moose1964, on 17 May 2012 - 03:02 PM, said:

New Member, I just reviewed your mbam-log and it is almost identical to your log. I ran a full scan because my files and programs are opening up slow. Ran my avast internet security and no viruses found. Do you have any idea on why my programs and files are taking longer to open up? This just started today. Also I have attached my mbam-log for you to review.

I can help here.
The problem is related to Avast - the latest update of the program seems to have broken the cache for scanning programs when executed.
What should happen is the program is scanned (which causes a noticeable hiccup delay... enough to think you've not clicked the icon properly) and the results stored in an Avast! cache with a checksum. The next time the program is run and if the checksum is the same then it skips scanning so opens quicker.

Unfortunately this cache/checksum is broken so it scans the files almost every time. You can confirm it by opening up Avast! and turning off the real time protection and try to re-open the file. It should start straight away.

There is a patch that works much better here http://public.avast..../#ap20120403001
In the end I switched as it was driving me insane!
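
The checksum-keyed scan cache described in the post above, as an added illustration that is not part of the original thread and is not Avast's or Malwarebytes' code. A verdict is reused only while both the file's SHA-256 and the definitions version are unchanged, so a corrected database (as with the false positive in this topic) forces a rescan; the signature sets, class name and file contents are constructed for the example.

```python
import hashlib
import os
import tempfile

# Constructed signature sets: "defs-1" carries an over-broad pattern that
# matches a benign file; "defs-2" is the corrected release.
SIGNATURES = {"defs-1": [b"Wiz", b"EVIL"], "defs-2": [b"EVIL"]}


def scan(data, defs):
    """Toy stand-in for the slow full scan."""
    return "flagged" if any(sig in data for sig in SIGNATURES[defs]) else "clean"


class ScanCache:
    def __init__(self, defs):
        self.defs = defs
        self.entries = {}   # path -> (sha256, defs version, verdict)
        self.scans = 0      # full scans actually performed

    def check(self, path):
        with open(path, "rb") as fh:
            data = fh.read()
        digest = hashlib.sha256(data).hexdigest()
        hit = self.entries.get(path)
        # Reuse a verdict only for identical content AND identical definitions.
        if hit and hit[0] == digest and hit[1] == self.defs:
            return hit[2]
        self.scans += 1
        verdict = scan(data, self.defs)
        self.entries[path] = (digest, self.defs, verdict)
        return verdict


def demo():
    cache = ScanCache("defs-1")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.exe")
        with open(path, "wb") as fh:
            fh.write(b"diagnostic Wizard")          # benign constructed content
        first, second = cache.check(path), cache.check(path)
        scans_after_repeat = cache.scans            # second call was a cache hit
        cache.defs = "defs-2"                       # definitions update arrives
        third = cache.check(path)                   # stale verdict is not reused
        with open(path, "ab") as fh:
            fh.write(b" EVIL")                      # content changes on disk
        fourth = cache.check(path)
        return [first, second, third, fourth], scans_after_repeat, cache.scans
```

If the definitions version were left out of the comparison, the third check would return the stale "flagged" verdict even after the corrected database was installed.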

#18
mmurphy

    New Member

  • Members
  • 4 posts
Yesterday, 5/17/12 I ran PCTools which is my primary antivirus using a quick scan and a full scan. Found nothing. I updated MWB with the most current database and then I followed up with a full scan by Malwarebytes, and it identified DFDwiz.exe as Trojan Fake Alert. Foolishly I told MWB to quarantine it. Now I have learned that it was a false positive, but I am now missing DFDwiz.exe. It shows in the MWB quarantine log as quarantined, and I tried multiple times to restore it but nothing happened. I went to the folder where it is supposed to be and the folder is completely empty. Does anyone have a suggestion about getting a copy of DFDwiz.exe or of how to restore the file that got quarantined? The file I had was last modified 7/13/09 and was 77.5kb. File version was 6.1.7600.16385. The log message I got from MWB was: C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-user-resolver_31bf3856ad364e35_6.1.7600.16385_none_2129f6bd1f6002ae\DFDWiz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. My computer in all other respects is running perfectly - no difference from before yesterday. No signs of virus activity. I am concerned that my registry was altered by MWB as well, but I have no specific basis for that concern.

#19
shadowwar

    Forum Deity

  • Moderators
  • 2,680 posts
The file is attached in the first post if you really need it. Where it was deleted from your machine it was just a cached older version for backwards compatibility with applications and is almost never needed.

This detection would not have altered your registry in any way.

Cheers.
Rich Matteo
Research Engineer


#20
Brumak4eva

    New Member

  • Members
  • 5 posts
I've experienced the same problem, specifically with Windows opening programs very, very slowly. The first Malwarebytes scan quarantined and removed DFDWiz.exe while every scan since then has been bringing up the other file mentioned (the windows diagnostic user resolver). It's been quarantined and removed several times, but still comes back up, which I now know to just be a problem with Malwarebytes' current version. However, the "Check for Updates" option is grayed out so I must be fully updated. The database version is v2012.05.17.06 and another user posted that theirs was 05.18.01 so I'm guessing I'm just missing something here.




