Jump to content

Malwarebytes

Is this a false positive in the registry?

Started by cosmicsurfer, Nov 06 2009 06:47 AM

5 replies to this topic

#1
cosmicsurfer
Posted 06 November 2009 - 06:47 AM

    New Member

  • Members
  • Pip
  • 2 posts
Hello, I just wanted to make sure this is a false positive. If someone would take a look at the log and let me know, it would be greatly appreciated
Malwarebytes' Anti-Malware 1.41
Database version: 3109
Windows 5.1.2600 Service Pack 3

11/6/2009 12:32:54 AM
mbam-log-2009-11-06 (00-32-54).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 142301
Time elapsed: 27 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\WinLicense (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
antonpaco
Posted 06 November 2009 - 01:09 PM

    New Member

  • Members
  • Pip
  • 34 posts
seems to be a FP, do not eliminate the file, just wait some other updates and keep checking.

#3
nobodyme
Posted 06 November 2009 - 02:10 PM

    New Member

  • Members
  • Pip
  • 10 posts
  • Location:France
  • Interests:design, graphism,e-designs and e-creations, languages....
Hi
Just ran a quick check and got the same..

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3110
Windows 5.1.2600 Service Pack 3

06/11/2009 15:07:30
mbam-log-2009-11-06 (15-07-24).txt

Type de recherche: Examen rapide
Eléments examinés: 106472
Temps écoulé: 4 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\WinLicense (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

#4
nosirrah
Posted 06 November 2009 - 03:02 PM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,158 posts
  • Location:Northampton, MA USA
It seems it can be both so I am removing it .
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5
exile360
Posted 06 November 2009 - 04:17 PM

    exile

  • Moderators
  • PipPipPipPipPipPip
  • 12,969 posts
  • Gender:Male
Indeed Mr Harrison, the legit entry seems to be related to WinLicense by Orleans Technology, but there are slews of cases where this is indeed an infection :blink: .
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6
cosmicsurfer
Posted 07 November 2009 - 12:31 AM

    New Member

  • Members
  • Pip
  • 2 posts
Should I go ahead keep it quarantined, delete it or ignore it?
Back to False Positives · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malwarebytes Anti-Malware Support
  3. False Positives

Products

About

Partners

Follow Us