
Malwarebytes

Boot.ini infected with Trojan.generic


5 replies to this topic

#1
Kaiser

Dear MalwareBytes forum:

This is my first post. As I am not sure whether this is a false positive or not, I decided to post this here. If this is not the right place, please let me know or redirect this post to the place it should go.

The problem: A few days ago, while I was scanning my computer with MalwareBytes, I found one file was infected, and when I looked at the results I saw that the c:\boot.ini file was identified as infected with trojan.generic. I removed the malware, but then when I recreated a new boot.ini file and re-scanned with MalwareBytes the problem appeared again.

Here is the log.

Malwarebytes' Anti-Malware 1.34
Versión de la Base de Datos: 1790
Windows 5.1.2600 Service Pack 3

22/02/2009 12:08:43 p.m.
mbam-log-2009-02-22 (12-08-39).txt

Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 119207
Tiempo transcurrido: 29 minute(s), 20 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
\boot.ini (Trojan.Agent) -> No action taken.



That's why I'm posting this, because I'm very confused and I don't know what to do. I have Kaspersky Internet Security up to date running on my PC, and also Spybot Search&Destroy 1.6.2 up to date, and just in case that's not enough protection I have Superantispyware.

This is my computer:

Pentium Intel Core 2 Duo, 2.33MHZ
2 GB of RAM
Win XP Professional 2002 SP3

I searched over the internet and I found a page called http://virusscan.jotti.org/ and the file seems to be clean. I also tried at http://www.virustotal.com/es/ and nothing was found.

What should I do? Is it possible that boot.ini is infected with a trojan? Why is MalwareBytes the only program that detects this as a trojan?
Should I be worried, or is this just a false positive?

That's all for now. Thank you very much.
I expect a solution to my problem soon.

Kaiser.

#2
CharlesT


Kaiser, on Feb 22 2009, 09:31 AM, said:

Dear MalwareBytes forum:

This is my first post. As I am not sure whether this is a false positive or not, I decided to post this here. If this is not the right place, please let me know or redirect this post to the place it should go.

The problem: A few days ago, while I was scanning my computer with MalwareBytes, I found one file was infected, and when I looked at the results I saw that the c:\boot.ini file was identified as infected with trojan.generic. I removed the malware, but then when I recreated a new boot.ini file and re-scanned with MalwareBytes the problem appeared again.

Here is the log.

Malwarebytes' Anti-Malware 1.34
Versión de la Base de Datos: 1790
Windows 5.1.2600 Service Pack 3

22/02/2009 12:08:43 p.m.
mbam-log-2009-02-22 (12-08-39).
What should I do? Is it possible that boot.ini is infected with a trojan? Why is MalwareBytes the only program that detects this as a trojan?
Should I be worried, or is this just a false positive
Kaiser.


Hello
I had gotten some FP earlier and last night. I see you are using the 1970 version of your definitions; there was an update made to 1972. I would try scanning with the updated version while you wait and see if the log still shows infections. Read down a few more threads in this forum and you will see, also in the false positive section of this forum. Hopefully when you scan with the 1972 updated definitions you will have a clean log.
:p .... I amaze myself !.....sometimes..

#3
CharlesT

Hello
Sorry for the typo; I meant you are using 1790 definitions. There was a new release to 1792 definitions this a.m.; you might want to scan with those while you wait.
:p .... I amaze myself !.....sometimes..

#4
Kaiser

Thanks for your help. I have updated my definitions and now I'll see what happens. Have a nice day.

#5
Kaiser

Charles T:

Your help was very useful. I updated the Malwarebytes definitions and no threat was found. Thank you very much. And now I guess this topic can be closed. Thanks a lot. <_<

Bye : :angry:

Kaiser.

#6
nosirrah

This is an odd glitch that I may have just fixed; please update and scan again if you were having this issue.
Bruce Harrison
Vice President of Research
