Jump to content


Photo

Hewlett Packard false positives database 648


  • Please log in to reply
6 replies to this topic

#1 Ronald Smyth

Ronald Smyth

    New Member

  • Members
  • Pip
  • 1 posts

Posted 18 April 2008 - 11:47 AM

database version 648

I did a full scan today and received the following two alerts:

1) D:\I386\Apps\APP17851\src\install\Worldwide-HP\progfiles\Apps\hpuninstall.exe

2) D:\I386\Apps\APP17851\src\install\Worldwide-HP\progfiles\Apps\onplay.exe

The program said they were both Trojan.Downloader.

I have an HP Scanner and Printer and also installed the HP Smart Web Printing on my browser so I highly doubt those two flagged programs are bad but just in case I am trying to find out here if I am incorrect.

#2 Hardhead

Hardhead

    Elite Member

  • Experts
  • PipPipPipPipPip
  • 815 posts
  • Location:Blue Ridge, Va.

Posted 18 April 2008 - 11:54 AM

Bruce will fix these ASAP. :P

Thanks

Posted Image
Member Since 2004
Calendar of Updates?Posted Image
Posted Image


#3 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 18 April 2008 - 02:30 PM

I will need the files to get this one resolved .

Please zip and attach them here .
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#4 JeanInMontana

JeanInMontana

    Delete this account!!

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Posted 18 April 2008 - 03:30 PM

Malwarebytes' Anti-Malware 1.11
Database version: 651

Scan type: Full Scan (C:\|)
Objects scanned: 128014
Time elapsed: 59 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jean Dahl\Desktop\OOo_2.4.0_Win32Intel_install_en-US.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\HijackThis Scanalyser\uninstall.exe (Trojan.Downloader) -> No action taken.
C:\SWSETUP\HPGame\progfiles\Apps\hpuninstall.exe (Trojan.Downloader) -> No action taken.
C:\SWSETUP\HPGame\progfiles\Apps\onplay.exe (Trojan.Downloader) -> No action taken.

Now with quick scan
Malwarebytes' Anti-Malware 1.11
Database version: 651

Scan type: Quick Scan
Objects scanned: 30098
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avira Antivir is also detecting TR/Crypt.CFI.Gen - Trojan in stysem restore. I can't find where the quarantine folder is for the program to scan them It also labels Scanalyzer as potential with the heuristics.

Attached zip of MBAM fp's grrr one is 3 mb file. Do you have an alternative place I can send it?

Attached Files

  • Attached File  3fps.zip   170.29KB   157 downloads


#5 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Root Admin
  • PipPipPipPipPipPip
  • 4,148 posts
  • Gender:Male

Posted 18 April 2008 - 03:43 PM

Send it to my e-mail.
Marcin Kleczynski
Chief Executive Officer



Follow us: Twitter, Become a fan: Facebook

#6 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 18 April 2008 - 04:07 PM

I removed what I found to be the problem , see if I have this all fixed of if there is still that last one .
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 JeanInMontana

JeanInMontana

    Delete this account!!

  • Honorary Members
  • PipPipPipPipPipPip
  • 3,867 posts
  • Interests:would love to see some honesty around this site.

Posted 18 April 2008 - 05:00 PM

Send it to my e-mail.


Ok done sent it to MWB.org




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users