Jump to content

Hirens Boot CD v15.2 - infected or false positives?

marky1124

By marky1124
in File Detections

 Share

Recommended Posts

marky1124

marky1124

Posted
Posted

Hi,

My apologies if this has been covered before, however I searched and couldn't find it discussed.

I built and booted off Hirens Boot CD v15.2 in order to scan a machine I suspected of containing malware. I booted the 'Mini XP' image and then fired up networking and ran Malwarebytes. Admittedly it said it might not work properly under 'Mini XP' however it seemed to update it's definitions and run a scan just fine. It produced the following results:-

Malwarebytes v1.65.1.1000 with definitions database v2013.05.08.04 reports

Trojan.FakeAV for X:\I386\System32\wzcsvc.dll

Malware.Packer.Gen for X:\I386\System32\keybtray.exe

Malware.Packer.Gen for X:\I386\System32\msxml2.dll

Malware.Packer.Gen for X:\I386\System32\vbscript.dll

Trojan.Patched for X:\I386\System32\sfcfiles.dll

+ locations in registry

So my question is - is this a false positive or is Hirens Boot CD riddled with trojans and really not a safe platform from which to launch offline virus scans?

Cheers,

Mark

Link to post
Share on other sites
  • Staff
shadowwar

shadowwar

Posted
  • Staff
Posted

hard to say without the files themselves. Also please rescan with the current version of Malawarebytes 1.75 and database.

If still detected please zip and attach those files there and we will check them.

Also mbam is designed to be run on a live environment. Running it from cd can cause issues like this Because certain whitelists wont be working properly.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Malwarebytes Anti-Malware needs to be installed in order to run and as said by Rich it needs to run from the real OS not a boot CD. Running it from a CD like that is both against the EULA as well as potentially dangerous due to possible high rate of false positives.

If you have an infected computer and you need assistance cleaning it we offer free support to do so.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thank you

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.