
Can you recognize some false positives instantly?


JanetB


Hello,

 

I'm not too experienced with the PUP and virus world, and this is the first time something has been detected that seems unusual. Malwarebytes found "Trojan.Downloader.as" in this location:  C:\ProgramFiles\RosettaStone-3.4.5\RosettaStone.exe. I read the post about running "mbam.exe/developer" and posting a log in order to post a possible false positive, but before I do that, a question or two.

 

Does this mean the trojan has attached itself to the Rosetta Stone.exe? Or that it is posing as RosettaStone.exe? (I really do have Rosetta Stone on my computer).  Or, is this what is called a false positive--and you can tell in advance because of the way it appears?

 

Should I go ahead and run "mbam.exe/developer"?  One reason I'm asking is that my full scan took well over 4 hours to complete. If I need to do it again, does it run in the background?

 

I haven't done anything with the file yet--I've left the results page open, since I was afraid removing selected would remove the needed exe file for Rosetta Stone. If I do need to run "mbam..." what do I do with my current result? Ignore it?

 

Thanks,

Janet B.


Hi-

Thanks for the reply... so I guess the answer to my question is no--you really don't know unless you do the developer scan. I'll go ahead and do that.

 

However, in your reply, by a "normal" scan, do you mean the quick scan?  If so, that one didn't catch it. So I think I have to do the full scan again.  

 

More importantly...what do I do with the current scan I have left open? Shall I choose "ignore results?" If I do ignore, will it still find the trojan on the next scan?

 

Janet B


In the interim, one more piece of information. I did a right click on the file RosettaStone.exe in the location specified and ran a Malwarebytes scan on just the file. It did not seem to find anything. Here are the results of that scan:

 

12/27/2013 12:46:13 AM
mbam-log-2013-12-27 (00-46-13).txt
 
Scan type: Custom scan (C:\Program Files\RosettaStone-3.4.5\RosettaStone.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

I ran the developer scan using "full scan" as I did the first time. The results were different, and I want to point out one important thing before you look at the results.

After running the first full scan, knowing the file possibly affected was the exe for RosettaStone, I chose IGNORE at the end, so that the file would not be deleted or moved or made unavailable to me. I don't know if that affected the developer scan results. (You know how when you do a spell check, if you choose ignore, it ignores that word from then on....) The developer scan, same full scan, did not pick up the Trojan.Downloader.as that was detected in the first full scan, and I have not changed anything (other than choosing ignore after the first scan).

 

Here are the results of the developer scan. I will await your reply before posting a zipped file.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.26.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Janet :: LANDMARK [administrator]
 
12/27/2013 9:06:09 AM
mbam-log-2013-12-27 (09-06-09).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 522242
Time elapsed: 3 hour(s), 7 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)