Malwarebytes

On-demand and right-click scans don't agree



#1
joe53

    Advanced Member

  • Honorary Members
  • 125 posts
Hi:

The latest updated MBAM (db 2680) on-demand Quick Scan is detecting a wmv file as infected with a trojan. I have had this file for months, am experiencing no problems, and it checks out clean at VirusTotal, so I have no doubt it is a false positive.

What interests me is why an on-demand Quick Scan by MBAM detects this file, but a right-click scan of this file only by MBAM detects no infection?

#2
Raid

    Malware Researcher

  • Experts
  • 1,549 posts
  • Gender:Male
  • Location:United States
A right-click scan does not enable heuristics. A Quick or Full scan uses the entire engine. Could you post a developer's log so we can get this issue resolved for you?

#3
joe53

    Advanced Member

  • Honorary Members
  • 125 posts
Will do, and thanks for that info.

#4
joe53

    Advanced Member

  • Honorary Members
  • 125 posts
Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 5.1.2600 Service Pack 3

22/08/2009 8:44:35 PM
mbam-log-2009-08-22 (20-44-22).txt

Scan type: Quick Scan
Objects scanned: 105034
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\endofcivilzation.wmv (Trojan.FakeAlert) -> No action taken. [38575351343036276138473711]

#5
Raid

    Malware Researcher

  • Experts
  • PipPipPipPipPipPip
  • 1,549 posts
  • Gender:Male
  • Location:United States
Hi there. If you relocate that file to another place besides root, the detection should go away. If you wish to keep it in root (which isn't a good idea), then please select Ignore.

Thanks

Edited by Raid, 23 August 2009 - 02:26 AM.
updated information


#6
swagger

    Elite Member

  • Honorary Members
  • 887 posts
  • Gender:Male
  • Location:South Carolina
This is the 2nd time I've seen the information that a right-click file scan does not enable heuristics... Is this bit of information anywhere? Perhaps in the help file? If it isn't anywhere public, can we get it in a sticky on the forums or in the help file please? I think that is very valuable information to know.

Just my two cents.
Keith
Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal, MBAM Pro
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal

#7
joe53

    Advanced Member

  • Honorary Members
  • 125 posts
Raid:

Thanks- I have relocated it from root, and the detection has disappeared.

Out of curiosity, why is placing a wmv file in the root a bad idea? Is this true in general for any media file? And is this true only because of the way MBAM works?

#8
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
Placing any file in root is a bad idea as it is both not a storage folder and a super common location to launch malware from (this is why we are aggressive against files there). MBAM is aggressive against files in most folders where there should not ever be user files of any kind.
Bruce Harrison
Vice President of Research

Follow us: Twitter, Become a fan: Facebook
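The two points made so far in this thread (Raid's, that a right-click scan runs without heuristics while a Quick or Full scan uses the whole engine, and nosirrah's, that files sitting in the volume root are treated aggressively because no user file belongs there) can be shown with a small model scanner. The code below is an added example written for this page; it is not Malwarebytes' engine, its rules, or its detection names. The signature byte pattern, the list of system-only directories, the list of user-file extensions and the `Heuristic.UserFileInRoot` label are all assumptions chosen for illustration, and the sample file contents are constructed.

```python
"""Model of why a full scan and a targeted (right-click) scan disagree.

Constructed example for this page; it is not Malwarebytes' engine or rules.
Two detection layers are modelled:
  * a signature layer that matches on file content, and
  * a heuristic layer that also weighs *where* the file lives, flagging
    user files (media, documents, executables) in locations that should
    never contain user files, such as the volume root.
A targeted scan runs only the signature layer; a full scan runs both,
so a clean file in C:\\ is flagged by one and not the other.
"""
from pathlib import PureWindowsPath

# Hypothetical signature table: byte pattern -> detection name.
SIGNATURES = {b"FAKEALERT-SAMPLE": "Trojan.FakeAlert"}

# Directories in which no user file is expected (assumed list).
SYSTEM_ONLY_DIRS = (
    PureWindowsPath("C:\\"),
    PureWindowsPath("C:\\Windows"),
    PureWindowsPath("C:\\Windows\\System32"),
)
# Extensions treated as "user files" by the location heuristic (assumed list).
USER_FILE_SUFFIXES = {".wmv", ".avi", ".mp3", ".exe", ".scr", ".doc", ".pdf"}

# Constructed sample contents. The first 16 bytes of CLEAN_WMV are the ASF
# header GUID that real .wmv files start with; the rest is filler.
CLEAN_WMV = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c") + b"\x00" * 64
INFECTED_SAMPLE = b"MZ" + b"\x00" * 30 + b"FAKEALERT-SAMPLE"


def signature_scan(content):
    """Content-based check: return a detection name or None."""
    for pattern, name in SIGNATURES.items():
        if pattern in content:
            return name
    return None


def location_heuristic(path):
    """Location-based check: a user-type file in a system-only directory."""
    p = PureWindowsPath(path)
    if p.suffix.lower() in USER_FILE_SUFFIXES and any(
        p.parent == d for d in SYSTEM_ONLY_DIRS
    ):
        return "Heuristic.UserFileInRoot"  # hypothetical detection name
    return None


def scan_file(path, content, heuristics):
    """Scan one file; heuristics=False models a right-click scan."""
    verdict = signature_scan(content)
    if verdict is None and heuristics:
        verdict = location_heuristic(path)
    return verdict


def right_click_scan(path, content):
    """Targeted scan of one file: signatures only, no heuristics."""
    return scan_file(path, content, heuristics=False)


def full_scan(files):
    """files: {path: content}. Returns {path: detection} for hits only."""
    hits = {}
    for path, content in files.items():
        verdict = scan_file(path, content, heuristics=True)
        if verdict is not None:
            hits[path] = verdict
    return hits


if __name__ == "__main__":
    volume = {
        "C:\\endofcivilzation.wmv": CLEAN_WMV,                      # clean, in root
        "C:\\Users\\joe\\Videos\\endofcivilzation.wmv": CLEAN_WMV,  # same file, moved
        "C:\\Windows\\Temp\\setup.exe": INFECTED_SAMPLE,            # signature hit
    }
    for path, content in volume.items():
        print(f"{path}: right-click={right_click_scan(path, content)}, "
              f"full={full_scan({path: content}).get(path)}")
```

Running it reproduces the behaviour in the thread: the clean file in `C:\` is a hit for the full scan and clean for the right-click scan, the same bytes under a user profile folder are clean for both, and a genuine signature match is reported by both modes. Moving the file out of root, as joe53 did, changes only the heuristic result. A practitioner triaging this kind of report can apply the same split manually: if a detection disappears when the file is moved but its hash is unchanged, the verdict came from context, not content.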

#9
joe53

    Advanced Member

  • Honorary Members
  • 125 posts
Thank you, nosirrah.

#10
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,591 posts
  • Gender:Male
  • Location:USA
Another reason is because there is a limitation of how many files can be in the root. Once that limitation is reached, even if you have 200GB free on your hard drive, it will show as being full and it will not let you store anything until you clear up some space. I don't remember what that limitation is at this time.


Dell Precision T5400, Win7 Ultimate 32bit fully updated, Symantec Endpoint Protection,
Watchguard Firewall, Intel Xeon CPU, Dual Quad Core Processors, 4GB Ram,
E5410 @ 2.33GHz, Nvidia Quadro FX570, Raid-1 Dual 500GB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE9, Opera, MBAM


#11
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Hi Firefox,

I think what you're thinking of was the 512 root directory entries in Windows 95 - this does not apply to NTFS volumes.
Errors Creating Files or Folders in the Root Directory

File Names, Paths, and Namespaces

NTFS From Wikipedia
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
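AdvancedSetup's point that the root-directory limit belongs to FAT12/FAT16 (a fixed region of 32-byte entries, 512 on typical hard-disk volumes), not to NTFS, can be worked through numerically. The following is an added example, not code from the thread or from the linked Microsoft articles. It assumes the 512-entry capacity mentioned above and the standard long-file-name (LFN) layout of 13 UTF-16 characters per extra entry, and treats any name that is not an upper-case 8.3 name as needing LFN entries (a simplification: NT-family systems can store an all-lower-case 8.3 name without one).

```python
"""Root-directory entry accounting for FAT12/FAT16 volumes.

Constructed example for this page. On FAT12/FAT16 the root directory is a
fixed-size region whose capacity in 32-byte entries is stored in the boot
sector (BPB_RootEntCnt; 512 on typical hard-disk volumes). FAT32 keeps the
root directory as an ordinary cluster chain and NTFS as an MFT record, so
neither has this limit. Each file takes one short (8.3) entry; a name that
does not fit 8.3 additionally takes ceil(len(name) / 13) long-name (LFN)
entries, because each LFN entry holds 13 UTF-16 characters. That is why a
root full of long-named files "fills up" with plenty of free space left.
"""
import math
import re

ROOT_ENTRY_CAPACITY = 512  # assumed BPB_RootEntCnt, as discussed in the thread
LFN_CHARS_PER_ENTRY = 13

# Upper-case 8.3 names only; anything else is treated as needing LFN entries.
# Simplification: NT-family systems can store all-lower-case 8.3 names with
# case flags instead of an LFN, which this model ignores.
_SHORT_NAME = re.compile(
    r"^[A-Z0-9_~!#$%&'()\-@^`{}]{1,8}(\.[A-Z0-9_~!#$%&'()\-@^`{}]{1,3})?$"
)


def fits_8dot3(name):
    """True if the name can be stored in a single short entry without an LFN."""
    return _SHORT_NAME.match(name) is not None


def entries_for(name):
    """Directory entries consumed by one file or folder with this name."""
    if fits_8dot3(name):
        return 1
    return 1 + math.ceil(len(name) / LFN_CHARS_PER_ENTRY)


def root_directory_usage(names, capacity=ROOT_ENTRY_CAPACITY, volume_label=True):
    """Return (used, free) entry counts; the volume label also takes one entry."""
    used = (1 if volume_label else 0) + sum(entries_for(n) for n in names)
    return used, capacity - used


def max_files_that_fit(sample_name, capacity=ROOT_ENTRY_CAPACITY, volume_label=True):
    """How many files named like sample_name fit in an otherwise empty root."""
    available = capacity - (1 if volume_label else 0)
    return available // entries_for(sample_name)


if __name__ == "__main__":
    for name in ("README.TXT", "endofcivilzation.wmv", "My Holiday Video 2009.wmv"):
        print(f"{name!r}: {entries_for(name)} entries, "
              f"max {max_files_that_fit(name)} such files in the root")
```

With these assumptions a root directory holds 511 short-named files but only 170 files named like `endofcivilzation.wmv`, which is the "disk full with 200GB free" symptom Firefox describes. On a FAT32 or NTFS volume the same count is irrelevant, so the first thing to check on such a report is the file system of the volume, not the free space.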

#12
Firefox

    Forum Deity

  • Trusted Advisors
  • 5,591 posts
  • Gender:Male
  • Location:USA
Yes, that could be. I just know folks come to me all the time because their hard drives are full (also flash drives). I look at the C: drive and sure enough they have all kinds of files there. These folks that I deal with have their systems on FAT32 for some reason (in Windows XP Pro and Home). That could be why that is happening.

Thanks for the refresher, AdvancedSetup.






