
Possible false positive


MAHHCMike


We were having some issues with an image that was newly created so we ran a scan out of curiosity and it showed a resultant Trojan.agent within the Windows/hosts file.  As the build is a new build we are wondering if it is a false positive and therefore a remnant of an incomplete wipe of the disc due to reformatting using only the Windows disk from Dell.  I have attached the log file as evidence if that helps. 

Thanks in advance,

Mike

bmrt-log-2013-12-09 (12-36-04).txt


Hi,

 

I am not sure, but I think this is not a false positive. The hosts file in Windows is located in the directory C:\Windows\system32\drivers\etc. As the real hosts file is widely known it is a quite good name to stealth something malicious, I guess. I do not know if the file was located somewhere else in the older Windows versions, but I have not seen it somewhere else yet.

 

You might try to open the file with notepad or something (or better: move it to quarantine and open it there). The real hosts file is only a text file which should give you something readable.

 

I hope this helps.

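A read-only check for the two points raised in the reply above (standard location, readable text), as an added example that is not part of the original thread. The function name `triage_hosts`, the report fields and the sample byte strings are constructed for illustration; it goes slightly beyond the post by also listing entries that map a name to a non-local address.

```python
import ipaddress

# Standard Windows location, as stated in the reply above.
EXPECTED_PATH = r"c:\windows\system32\drivers\etc\hosts"

def triage_hosts(path, data):
    """Triage a file named 'hosts' from its path and raw bytes (hypothetical helper)."""
    report = {
        "location_ok": path.replace("/", "\\").lower() == EXPECTED_PATH,
        "is_text": False,
        "bad_lines": [],   # line numbers that are not "IP name [name ...]"
        "redirects": [],   # (name, ip) pairs that point away from the local machine
    }
    # A real hosts file is plain text: no executable header and no NUL bytes.
    if data[:2] == b"MZ" or b"\x00" in data:
        return report
    try:
        text = data.decode("utf-8-sig")
    except UnicodeDecodeError:
        return report
    report["is_text"] = True
    for number, line in enumerate(text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["bad_lines"].append(number)
            continue
        if len(fields) < 2:
            report["bad_lines"].append(number)
        elif not (ip.is_loopback or ip.is_unspecified):
            report["redirects"] += [(name, str(ip)) for name in fields[1:]]
    return report

# Constructed samples, not taken from the attached log.
CLEAN = b"# sample hosts file\r\n127.0.0.1 localhost\r\n::1 localhost\r\n"
BINARY = b"MZ\x90\x00\x03\x00\x00\x00" + bytes(32)
EDITED = b"127.0.0.1 localhost\n203.0.113.7 update.example.com www.example.com\nnot-an-ip foo\n"

if __name__ == "__main__":
    print(triage_hosts(r"C:\Windows\System32\drivers\etc\hosts", CLEAN))
    print(triage_hosts(r"C:\Windows\hosts", BINARY))
    print(triage_hosts(r"C:\Windows\System32\drivers\etc\hosts", EDITED))
```

A file that fails `location_ok` or `is_text` is best left in quarantine and not opened in place.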

  • Staff

Yes that is not the normal location for hosts. Is that something you put there?

 

Also 1.46 is a VERY old version of BMRT. It's not recommended as it doesn't offer the best protection and cleanup as the current version of MBAM 1.75.0300 does.

It's over three years old and is missing a ton of engine updates. It can also be prone to some false positives.
