3 replies to this topic

[doomer]

Hello. I would like to report two false positives generated by MBAM. I am using the latest version. The log file is the following.

============================

Malwarebytes' Anti-Malware 1.25
Database version: 1099
Windows 6.0.6001 Service Pack 1

09:07:55 31.8.2008 г.
mbam-log-08-31-2008 (09-07-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 217818
Time elapsed: 1 hour(s), 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\battle.net (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\bnetunin.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\diabunin.exe (Trojan.FakeAlert) -> No action taken.

============================================

Now, bnetunin.exe and diabunin.exe come straight from the original Diablo cd from Blizzard. Those files have been the same since 1996, which is the game's release date, and I can confirm they are definitely not viruses but the uninstall utilities for Diablo, and respectively the Battle.net service. That becomes more apparent since MBAM links the two files with their registry entries precisely where they should be, HKLM/....../CurrentVersion/Uninstall. Thank you in advance.

Edit: I updated in one hour ago, but I just noticed a 1101 database, so instead of doing another 1:10 hour scan.. I just scanned those two files. Still detected as viruses.

============================================

Malwarebytes' Anti-Malware 1.25
Database version: 1101
Windows 6.0.6001 Service Pack 1

10:07:51 31.8.2008 г.
mbam-log-08-31-2008 (10-07-48).txt

Scan type: Quick Scan
Objects scanned: 2
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\battle.net (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\bnetunin.exe (Trojan.FakeAlert) -> No action taken.
c:\Windows\diabunin.exe (Trojan.FakeAlert) -> No action taken.

=============================================

[Raid]

Hi there,

Please zip the offending files as FPcheck1.zip and upload it to uploads.malwarebytes.org We'll get this fixed!

[doomer]

The files have been uploaded. Thank you for the quick reply.

[nosirrah]

Cinfirmed FPs , will be fixed within the next few hours .