
Conflicting info via Google as to Good/Bad catches by MBAM newest


  • This topic is locked
8 replies to this topic

#1 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • 7,504 posts
  • Gender:Male

Posted 10 April 2012 - 04:38 PM

Hello;

Wondering if the following 3 items (shown as 3 worms) are false positives or actual threats. They are currently quarantined per MBAM detection with database shown. Not picked up by SAS, Emsisoft AM or MBAM previous to newest version of MBAM.. The "pmmig.exe" is supposedly the Pale Moon browser importer. The 2 "registry worms" are 50/50 on various sites as to good or bad. :unsure:

Steve :: PROTEUS-ONE [administrator]

Protection: Enabled

4/10/2012 13:22:28
mbam-log-2012-04-10 (13-22-28).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 525037
Time elapsed: 2 hour(s), 27 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Typelib\{8C2B40D2-963F-4307-AD3E-44A17D530D67} (Worm.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{1551601C-141C-4499-9C05-557CA1440A05} (Worm.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Steve\Downloads\pmmig.exe (Worm.Agent) -> Quarantined and deleted successfully.

(end)

Thanks in advance!
Steve
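The scan log quoted above is a plain-text format that is simple to parse. As an added example (not code from the thread or from Malwarebytes), the Python below reads an mbam-log excerpt constructed from post #1, splits it into its "Detected" sections, cross-checks each section's declared count against the items actually listed, and collects every object attributed to one detection family, so a false-positive report can cover all related hits at once.

```python
import re

# Constructed excerpt in the MBAM log format quoted in the post above (not a file from the thread).
SAMPLE_LOG = r"""Scan type: Full scan
Objects scanned: 525037

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\Typelib\{8C2B40D2-963F-4307-AD3E-44A17D530D67} (Worm.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{1551601C-141C-4499-9C05-557CA1440A05} (Worm.Agent) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Steve\Downloads\pmmig.exe (Worm.Agent) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens a section; each item line is "<object> (<family>) -> <action>."
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return ({section: {"declared": n, "items": [(object, family, action), ...]}},
    [sections whose declared count disagrees with the items actually listed])."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            sections[current] = {"declared": int(m.group("count")), "items": []}
            continue
        # Skip header lines before the first section, blank lines and the
        # "(No malicious items detected)" / "(end)" markers.
        if current is None or not line or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            sections[current]["items"].append((m.group("object"), m.group("family"), m.group("action")))
    mismatches = [name for name, s in sections.items() if s["declared"] != len(s["items"])]
    return sections, mismatches


def objects_for_family(sections, family):
    """All detected objects (registry keys, files, ...) attributed to one detection family."""
    return [obj for s in sections.values() for obj, fam, _ in s["items"] if fam == family]


if __name__ == "__main__":
    parsed, bad = parse_mbam_log(SAMPLE_LOG)
    for name, s in parsed.items():
        print(f"{name}: {len(s['items'])} listed (log declares {s['declared']})")
    print("Worm.Agent objects:", objects_for_family(parsed, "Worm.Agent"))
    print("count mismatches:", bad)
```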

#2 shadowwar


    Forum Deity

  • Moderators
  • 5,250 posts
  • Gender:Male

Posted 10 April 2012 - 04:40 PM

Can you please post this in the fp forum with the file attached and a dev scan?

Thanks
Rich Matteo
Research Engineer


Follow us: Twitter, Become a fan: Facebook

#3 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • 7,504 posts
  • Gender:Male

Posted 10 April 2012 - 05:47 PM

Will do; please see PM in a few minutes; I'm still writing it..

Thanks,
Steve

#4 shadowwar


    Forum Deity

  • Moderators
  • 5,250 posts
  • Gender:Male

Posted 10 April 2012 - 06:41 PM

Please restore it from quarantine.

Thanks.
Rich Matteo
Research Engineer


#5 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • 7,504 posts
  • Gender:Male

Posted 10 April 2012 - 10:00 PM

Rich,

Newer database updates must have fixed whatever was causing PMMIG.EXE to be detected as a worm by MBAMPro...

Sorry for the uncertainties about it.

Also VT gave it a clean sweep as well:

Virus Total

https://www.virustotal.com/file/b0e18cf70a7f22343d4b5998722a8edd8b7899e974e87f1cb09b3d41c4bfb301/analysis/1334112365/

SHA256:b0e18cf70a7f22343d4b5998722a8edd8b7899e974e87f1cb09b3d41c4bfb301
File name: pmmig.exe
Detection ratio: 0 / 42
Analysis date: 2012-04-11 02:46:05 UTC ( 1 minute ago )

You can close and lock this thread; thank you for your patience.

Steve

#6 shadowwar


    Forum Deity

  • Moderators
  • 5,250 posts
  • Gender:Male

Posted 11 April 2012 - 12:23 AM

no problem

thanks for trying!
Rich Matteo
Research Engineer


#7 shadowwar


    Forum Deity

  • Moderators
  • 5,250 posts
  • Gender:Male

Posted 11 April 2012 - 02:49 PM

There was another report. Is it possible to get the pmmig zipped up and attached?

I think this is because of Delphi programs causing an FP.

This should be fixed in the next update regardless.
Rich Matteo
Research Engineer


#8 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • 7,504 posts
  • Gender:Male

Posted 11 April 2012 - 05:12 PM

Laugh; glad I still had it in the recycle bin.. BTW; this file has been reported all over the security community via various vendors over its inception as both safe as well as bad.. Since 2010.. go figure :blink:


Attached file: pmmig.zip (631.58 KB)


Thanks for the follow-thru Rich,
Steve

#9 ShyWriter


    The pencil is mightier than the bite..

  • Software Updaters
  • 7,504 posts
  • Gender:Male

Posted 12 April 2012 - 12:32 AM

Ok Rich;

I put the pmmig.exe from the Recycle Bin back in its original location and UN-quarantined the 2 "worm" registry entries and put them back; rebooted, updated and ran a scan.

All is good!

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org


Database version: v2012.04.12.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: PROTEUS-ONE [administrator]

Protection: Enabled

4/12/2012 01:08:18
mbam-log-2012-04-12 (01-08-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 254189
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Look very, VERY good..
Thanks for the quick work on the definition fixes. :)

Steve
