Jump to content


Photo

extension.mismatch?


  • Please log in to reply
6 replies to this topic

#1 Somethngcreative

Somethngcreative

    Regular Member

  • Honorary Members
  • PipPip
  • 97 posts

Posted 17 February 2012 - 04:46 PM

Hello,

I ran malwarebytes pro todday and did not get a clean scan, much to my suprise.It found the following "extension.mismatch" (attached below). I'm wondering is this a false positive? Also, what should I do for now.. ignore or remove selcted?

Thanks!

Attached Files



#2 Somethngcreative

Somethngcreative

    Regular Member

  • Honorary Members
  • PipPip
  • 97 posts

Posted 17 February 2012 - 04:51 PM

Oh and I scanned it on virustotal, 0/43 found it harmful.

Thanks

#3 DarkSnakeKobra

DarkSnakeKobra

    May the penguin be with you!

  • Honorary Members
  • PipPipPipPipPipPip
  • 5,262 posts
  • Gender:Male
  • Location:~
  • Interests:Scripting, GNU/Linux, photography

Posted 17 February 2012 - 07:50 PM

That log is impossible to read. I've tried opening in LibreOffice and Gedit/Vim and appears to be in a special format that's not plain text or typical office files.

An extension.mismatch means the file is not of the extension that it says it is. For example you have a "supposed" image file(jpeg, png, gif etc) which is really an executable(exe, dll) file.

I'm not a staff member just another Malwarebytes' user.

Advice: Hug your dog, cat etc everyday! :)


#4 Somethngcreative

Somethngcreative

    Regular Member

  • Honorary Members
  • PipPip
  • 97 posts

Posted 17 February 2012 - 08:29 PM

Hmm.. I don't get it either. Would you suggest that I ignore it or delete it?

Thanks

#5 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,015 posts
  • Gender:Male

Posted 18 February 2012 - 02:42 PM

That file has an MZ header, which is indicative of an executable (EXE, DLL etc.), while a log file is supposed to be a raw text file. If you open the file with a text editor such as notepad, you'll see quite plainly that it absolutely is not a log of any sort, but instead is an executable file whose file extension has been renamed to .log.

I don't know if the file is malicious or not, but if I found such a file on my PC, I would likely remove it just to be safe as I see no legitimate reason why an executable would be renamed to a text format unless it were trying to conceal itself (which is precisely why Malwarebytes Anti-Malware makes such detections, as it's part of our heuristics detection capabilities).
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 Somethngcreative

Somethngcreative

    Regular Member

  • Honorary Members
  • PipPip
  • 97 posts

Posted 19 February 2012 - 03:56 AM

Thanks Exile, I've removed it and I've noticed a significant improvement in my laptop speed, I don't know whether that was directly related to the suspicious log being removed or not, but I'm guessing it was.

Thanks again everyone!

#7 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,015 posts
  • Gender:Male

Posted 19 February 2012 - 09:59 AM

Thanks Exile, I've removed it and I've noticed a significant improvement in my laptop speed, I don't know whether that was directly related to the suspicious log being removed or not, but I'm guessing it was.

Thanks again everyone!

You're welcome :)

If it was related, you might want to get your PC checked for infections by one of the expert helpers in the Malware Removal area of the forum, as it may have been a component of an infection, and there are likely more components remaining if that was the case.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users