False positive: trojan.sirefef
7 replies to this topic

#1 BobTN

    New Member

  • Members
  • 4 posts

Posted 03 August 2012 - 10:28 AM

I routinely run MBAM free using the full scan option to check my systems for any malware. Recently MBAM identified 'trojan.sirefef' in a file that has been present on my PC for a while, through many previous scans. The file is an Nvidia audio driver file. I back up data from this PC to another PC, and MBAM hit on the same file in the backup location. These two PCs are XP Pro and kept up to date. My PCs were not experiencing the symptoms that others who seemed to have active infections were discussing in their posts.

I just went through an exhaustive cleaning regimen via one of the online tech support antimalware warrior teams to thoroughly check and clean these two PCs. NOTHING was detected.

Filename is nvax9x.sys and it is located in a folder structure which I think was based on the zip file I used to download the updated driver from Nvidia. Folder structure: \Nvidia\nf2_v264\WDMxP\Nf2_v264_WDMxP\AudioDrv\nvax9x.sys.

I would suspect that you'd have seen this before, this is a fairly old driver file. I didn't see it in the list of false positives.

I can email the file if you folks want to dissect it.

Can you confirm that this is a false positive?

Thanks

- Bob

#2 myrti

    Advanced Member

  • Experts
  • 101 posts

Posted 03 August 2012 - 11:36 AM

Hi Bob,

Can you please run a scan with Malwarebytes as described here and post the logs for the developers to look at.

regards myrti

#3 Bugen

    New Member

  • Members
  • 25 posts
  • Gender:Not Telling

Posted 09 August 2012 - 08:21 PM

Hello, I also have the same warning on this extremely old Nvidia file. I will attach the file since I believe it is the same as the topic starter's.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [administrator]

Protection: Enabled

8/9/2012 6:03:37 PM
mbam-log-2012-08-09 (18-05-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 36848
Time elapsed: 1 minute(s), 17 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\*****\Desktop\nvax9x.sys (Trojan.Sirefef) -> No action taken. [59108cb44419d462e1f30aa5df218878]

(end)

VirusTotal
https://www.virustot...sis/1344561209/


#4 BobTN

    New Member

  • Members
  • 4 posts

Posted 23 August 2012 - 05:05 PM

Hi Myrti,
Sorry for the delay in responding to you; I have been out of town for the last several weeks, away from the PCs with the possible false positives.

I tried to scan with developer as the page suggested, but the PC locked during/after the scan. The signature files were updated before I tried the scan. The log from the developer scan does not show any hits. The log from the normal scan that I ran about a month ago does. So I will post this log and a zipped copy of the target file.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.31.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bob :: S..........2 [administrator]
7/30/2012 9:08:40 PM
mbam-log-2012-08-01 (23-48-29)_PC2.txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294424
Time elapsed: 2 hour(s), 43 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
E:\S.......1-data-110803\Downloads\Nvidia\nf2_v264_WDMxp\nf2_v264_WDMxp\AudioDrv\ (Trojan.Sirefef) -> No action taken.
(end)

Attached File  nvax9x.zip   17.96KB   4 downloads

I'd like to know what you find out. Please reply with your results.

Thanks,

Bob

#5 BobTN

    New Member

  • Members
  • 4 posts

Posted 23 August 2012 - 05:06 PM

PS
I should add that after the PC locked, I re-scanned using the normal method but scanned only the E drive, that is the drive that contains the target file.

#6 nosirrah

    Forum Deity

  • Administrators
  • 5,402 posts
  • Location:Northampton, MA USA

Posted 24 August 2012 - 12:57 AM

This has been fixed since the scan dates in these scan logs.
Bruce Harrison
Vice President of Research


#7 BobTN

    New Member

  • Members
  • 4 posts

Posted 24 August 2012 - 09:19 AM

So this was a false positive hit?

#8 shadowwar

    Forum Deity

  • Moderators
  • 2,866 posts

Posted 24 August 2012 - 01:40 PM

Yes, if you update and rescan it should no longer be detected.
Rich Matteo
Research Engineer
