Fake.Dropped.Malware
Started by darthsideous666, May 01 2008 08:44 PM
12 replies to this topic
#1
Posted 01 May 2008 - 08:44 PM
I am getting "Faked.Dropped.Malware" during my scans with MBAM paid. The problem is that neither Kaspersky nor SAS Pro are alerting to it and when I ran MBAM in the Developer Mode it did not show up either, the scan was clean? I cannot find the path in regedit either. What do you think?
Malwarebytes' Anti-Malware 1.11
Database version: 707
Scan type: Quick Scan
Objects scanned: 33163
Time elapsed: 5 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MBAM Pro
VIPRE Premium
PREVX SafeOnline
#2
Posted 02 May 2008 - 07:03 AM
Fake.Dropped.Malware are what fake antispyware applications drop to find with their fake scans.
These are not actually malware (why they are not detected by real scanners usually).
After further research it does seem that this key can also sometimes be used for legit purposes so I am removing it from definitions.
Next update will have this resolved.
#3
Posted 02 May 2008 - 07:41 AM
nosirrah, on May 2 2008, 08:03 AM, said:
Fake.Dropped.Malware are what fake antispyware applications drop to find with their fake scans.
These are not actually malware (why they are not detected by real scanners usually).
After further research it does seem that this key can also sometimes be used for legit purposes so I am removing it from definitions.
Next update will have this resolved.
Just out of curiosity, why is it that the developer mode did not show this when I ran it? It is actually the second time that I ran a scan with it and this has occurred.
ds
MBAM Pro
VIPRE Premium
PREVX SafeOnline
#5
Posted 09 June 2008 - 03:51 PM
I just had one of those Fake.Dropped.Malware and MBAM stopped it. That I find to be a very good thing because I have not downloaded anything that could have left such a file. I'm almost sure that this, my newest piece of malware, is not so fake after all!
Spec's: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
#6
Posted 09 June 2008 - 04:03 PM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware)
This is a false positive. It is not malware. Please restore it from quarantine and I will have it fixed shortly.
#7
Posted 09 June 2008 - 04:32 PM
Thanks RD
I'm assuming this is similar/same.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
#8
Posted 09 June 2008 - 04:50 PM
Quote
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.
This has been fixed.
Quote
Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
This can be used for malicious intentions. You can add it to the ignore list.
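The Browser Helper Objects detection and the HKEY_CLASSES_ROOT\CLSID detection reported in this thread carry the same CLSID. As an added example (not part of any post and not MBAM's own code), this sketch parses detection lines in the layout seen in the logs posted above and groups them by CLSID, so one signature hit showing up under several registry paths can be triaged as a single item. The regular expressions and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Detection lines copied from the posts in this thread; assembled here as sample input.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
(No malicious items detected)
"""

# Assumed layout: <registry path> (<detection name>) -> [Bad: .. Good: .. ->] <action>.
LINE_RE = re.compile(
    r"^(?P<path>HKEY_[A-Z_]+\\.+?) \((?P<name>[\w.]+)\) -> "
    r"(?:(?P<data>Bad: .*? Good: .*?) -> )?(?P<action>.+?)\.?$"
)
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_detections(log_text):
    """Return one dict per detection line; headers and 'nothing found' lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hit = m.groupdict()
            clsid = CLSID_RE.search(hit["path"])
            hit["clsid"] = clsid.group(0).lower() if clsid else None
            hits.append(hit)
    return hits


def group_by_clsid(hits):
    """Map each CLSID to every registry path in which a detection referenced it."""
    groups = defaultdict(list)
    for hit in hits:
        if hit["clsid"]:
            groups[hit["clsid"]].append(hit["path"])
    return dict(groups)


if __name__ == "__main__":
    for clsid, paths in group_by_clsid(parse_detections(SAMPLE_LOG)).items():
        print(clsid, "referenced by", len(paths), "detections")
        for p in paths:
            print("   ", p)
```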
#9
Posted 09 June 2008 - 05:03 PM
RubbeR DuckY, on Jun 9 2008, 10:03 PM, said:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware)
This is a false positive. It is not malware. Please restore it from quarantine and I will have it fixed shortly.
I can confirm that db update #844 no longer flags this one. Thanks Bruce
#10
Posted 10 June 2008 - 01:29 PM
Ok, thanks guys. I believe that I've already deleted it but I'll see what I can do. I hope it's not important...
#13
Posted 10 June 2008 - 02:17 PM
I had to choose when MBAM found this malware - should I start an ego-trip-thread or should I stick to the Fake.Dropped.Malware thread that was already here? I ended up writing in this one. It seemed like a good idea at the time...