Jump to content

Malwarebytes

False Positive DB 1085 - HH.exe

Started by securityjunky, Aug 25 2008 01:09 AM

5 replies to this topic

#1
securityjunky
Posted 25 August 2008 - 01:09 AM

    New Member

  • Members
  • Pip
  • 5 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1085
Windows 5.1.2600 Service Pack 2

8:22:17 PM 8/24/2008
mbam-log-08-24-2008 (20-22-17).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 62368
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\hh.exe (Trojan.FakeHelp) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\hh.exe (Trojan.FakeHelp) -> Quarantined and deleted successfully.

http://www.virustotal.com/analisis/8310c3b...e1c5e3bddee469f - C:\Windows\hh.exe
http://www.virustotal.com/analisis/75232fb...347b7369719ff64 - C:\WINDOWS\system32\dllcache\hh.exe

hh.exe file: http://files.filefro...;/fileinfo.html
hh.exe located in sys32 dllcache: http://files.filefro...;/fileinfo.html

#2
securityjunky
Posted 25 August 2008 - 01:14 AM

    New Member

  • Members
  • Pip
  • 5 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1085
Windows 5.1.2600 Service Pack 2

9:13:23 PM 8/24/2008
mbam-log-08-24-2008 (21-13-21).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 27158
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{AFD5CB49-C301-40BB-BE84-12FAF22B9770}\RP39\A0013663.exe (Trojan.FakeHelp) -> No action taken. [4134524130538380756679153966767041707781130166667024681871716669662022261821192
41971677166222518682021672021]
C:\WINDOWS\hh.exe (Trojan.FakeHelp) -> No action taken. [4134524130538380756679153966767041707781130166667024681871716669662022261821192
41971677166222518682021672021]

Dev log if needed

#3
Monkeys
Posted 25 August 2008 - 01:32 AM

    New Member

  • Members
  • Pip
  • 12 posts
Yep, same here.

#4
Reilly'sPal
Posted 25 August 2008 - 01:50 AM

    New Member

  • Members
  • Pip
  • 5 posts
Same results here including the VirusTotal scan.

#5
nosirrah
Posted 25 August 2008 - 01:54 AM

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,158 posts
  • Location:Northampton, MA USA
will be fixed in 5 minutes
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6
Monkeys
Posted 25 August 2008 - 02:31 AM

    New Member

  • Members
  • Pip
  • 12 posts
All clean now, thanks. ;)
Back to False Positives · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malwarebytes Anti-Malware Support
  3. False Positives

Products

About

Partners

Follow Us