Jump to content


Photo

False Positive on anbmServ.exe (Backdoor.Agent)

anbmServ.exe

  • Please log in to reply
4 replies to this topic

#1 MarkRaven

MarkRaven

    New Member

  • Members
  • Pip
  • 3 posts

Posted 07 January 2013 - 06:37 PM

Starting on 1/6 several of my Acer emanager files were flagged as Backdoor.Agent. I've had these files forever so I doubt they are infected. Scans still trip an alert for anbmServ.exe. Now the thing is stuck (or so it says in my quarantine) and whenever I can I get four warnings. Attached is my log from a scan log generated while running mbam.exe /developer.

Attached Files



#2 shadowwar

shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,222 posts
  • Gender:Male

Posted 07 January 2013 - 09:00 PM

Can you please zip and attach the file being detected?

Thanks!
Rich Matteo
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#3 shadowwar

shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,222 posts
  • Gender:Male

Posted 07 January 2013 - 10:17 PM

Actually this was already fixed about 4 hours ago. please update and let me know if still detected.
Rich Matteo
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#4 MarkRaven

MarkRaven

    New Member

  • Members
  • Pip
  • 3 posts

Posted 09 January 2013 - 12:28 AM

I've rebooted several times this evening and that's usually when it starts warning me about it and I haven't seen any messages tonight and nothing was triggered on a scan. The only problem left is these multiple entries in the quarantine for the same file. I tried a restore and restore all to no effect. I don't think the file is actually in the quarantine though. I just need a way to nuke those entries. I didn't hit delete or delete all because I wasn't sure if it would just get rid of the quarantine listing or the actual file in the directory.

#5 exile360

exile360

    exile

  • Administrators
  • PipPipPipPipPipPip
  • 16,015 posts
  • Gender:Male

Posted 09 January 2013 - 02:50 PM

I've rebooted several times this evening and that's usually when it starts warning me about it and I haven't seen any messages tonight and nothing was triggered on a scan. The only problem left is these multiple entries in the quarantine for the same file. I tried a restore and restore all to no effect. I don't think the file is actually in the quarantine though. I just need a way to nuke those entries. I didn't hit delete or delete all because I wasn't sure if it would just get rid of the quarantine listing or the actual file in the directory.

Using Delete and Delete All only removes the quarantined objects, it doesn't remove the objects from their original location.
Samuel E Lindsey
Product Manager

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users