2 replies to this topic

[Jinky]

Hi I'm running MBAM 1.41 Database version 2955. After completing a scan I got the following warning. Is this a safe process which I can de-quarantine or should I remove it. Thanks.

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[Jacktivity]

The root is a known malware infection loading place so MBAM is pretty aggressive about .exe files being there. If you think it's a legitimate file, you can just move it into another folder. You can also upload it to virustotal or jotti for analysis. I had a failed Windows update not too long ago that left some legitimate Microsoft files there by accident. MBAM did NOT like it. In that case, I just deleted the files, performed the update again, and all went well.

[Marcus]

Just curious.

On looking at jotti I notice they use Quick Heal among the scanners. If my memory serves me right wasn't this listed as a rogue AV / spyware product in the past and possibly the not-so-distant past?

Somebody refresh my memory please.