Kob

  1. Using V.3.2.2.2029 Free Edition under WIN 7 32bit: Settings change willy-nilly. I changed in Settings the "Application Updates" and "Notifications" entries to "off", then selected "Reports" and then back to Settings - my "Application Updates" and "Notifications" settings were reverted back to "on". Sometimes the settings revert back to prior state upon program re-run, sometimes they stick. Can't provide a consistent recipe to help debugging.
  2. Hello, Attached file is reported as Trojan.Downloader. It certainly has some suspicious characteristics, but behavioral analysis indicates that it is far from what Malwarebytes reports. No logfile - the report is from VirusTotal with today's database. https://www.virustotal.com/en/file/6f346257ef878ef18f0ae82c98be15e56941fb589adae493ee6db6b12b4d7eea/analysis/1421717730/ Keymaker.zip
  3. Attached is a false positive, reporting a trojan. This is a sample utility for ISV source code protection from an SDK by secutech.com. Reported as totally clean by virustotal (0/41) and threatexperts. I got the source code if you require. I hope it is not flagged as malware by the fact that it is dongle related and Chinese. Project1.rar mbam_log_2010_04_30__22_38_03_.zip
  4. 1. I am very technical, and my "false positive" claim is that you report "Trojan.Agent.CK" while it is NOT a trojan. If MWB wants to warn a user about a code that is benign to the system but belongs to a class of software that is dangerous, then it should report it as a "Suspicious file" - as some other AV programs do.
     2. The major AV programs declare the file as "clean". Some 2nd tier scanners report the file not as a trojan carrier but as "suspicious". None claim the file as carrying an active load of trojan code, and indeed the file, tested in a controlled environment, did not modify the registry, did not fork any extra process, did not set up a server, did not try to connect to the internet and did not inject itself into any system file, environment or process.
     3. I occasionally serve as a computer "fixer" and "adviser" to family and friends, and try to analyze their system problems. I get to analyze suspicious emails, documents and files they suspect. I am certainly aware about the illegal and dangerous load that can be carried by cracks and I do advise them about the risk involved, but as I would notify an airport scanner vendor that his machine reported a box loaded with crack (no pun intended) as explosives - and I would expect him to fix his analysis, I would do the same in our case.
     4. If MWB's file analysis philosophy would stay as stated, meaning reporting false positives solely due to association with "bad company", then this will happen: if MWB scan reports "all clean", then I am OK; if it reports "trojans found", then the verdict would be "maybe - let's scan the files with another scanner".
  5. The attached file is reported as fairly benign by VirusTotal (clean bill of health by the major AV vendors), and clean by ThreatExperts. However it is reported as containing a Trojan.Agent.CK by MWB. I suspect a false positive. Note: the Project1.exe reported in the log is also a false positive, but I will defer it to a future date. Keygen_CleanBy_VT_TE_But_MWB_ReportsATrojan.rar mbam_log_2010_04_30__22_38_03_.zip
  6. Hello, I am pretty sure that the attached file is a false positive.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2790
     Windows 5.1.2600 Service Pack 3

     9/13/2009 5:43:56 PM
     mbam-log-2009-09-13 (17-43-43)_FalsePos.txt

     Scan type: Quick Scan
     Objects scanned: 1
     Time elapsed: 9 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     g:\Drive_E\expedition\2004\common\win32\lib\mgcregapi.dll (Trojan.Koutodoor) -> No action taken.

     mgcregapi.rar
  7. This also did the trick for me. Thanks. I had a clean fresh system, with ZoneAlarm installed. When installing MBAM, ZoneAlarm popped up and asked me whether to approve MBAM changing a reg key to autorun on each boot up. I said no, and I think that this also inhibited MBAM from continuing and registering the required components. So I regged them manually with regsvr32 (did not succeed in registering zlib - I got a message that it was loaded but no entry point was found), and now MBAM fires up without any problems.
  8. Thanks for the prompt reply. Just a comment: before I posted, I searched in the forum for "security center" messages and found none with that string in their title.
  9. Hello, Malwarebytes V.1.40 reported my OS setup choice (not to update, no Firewall etc) as malware (registry data). If the developers consider this to be worthy of reporting to the user, please do it as a note and not as a malware with red fonts with an option to delete these reg keys. Very alarming to the regular Joe with dire consequences if deleted.