Infected registry object false positive?


21 replies to this topic

#1 mynorgeek

    Advanced Member

  • Honorary Members
  • 209 posts
  • Gender:Male

Posted 30 March 2010 - 02:32 PM

Here is the dev log.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3934

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/30/2010 12:28:23 PM
mbam-log-2010-03-30 (12-28-23).txt

Scan type: Quick scan
Objects scanned: 109863
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1} (Trojan.Agent) -> No action taken. [2819A87556568AA701D577E39E2652B4]

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2 RuyLopez

    New Member

  • Members
  • 15 posts

Posted 30 March 2010 - 02:41 PM

I just picked up the identical detection with the identical database of definitions.

#3 khakiman

    New Member

  • Members
  • 15 posts

Posted 30 March 2010 - 03:17 PM

RuyLopez, on Mar 30 2010, 07:41 PM, said:
I just picked up the identical detection with the identical database of definitions.

#4 khakiman

Posted 30 March 2010 - 03:21 PM

Sorry for the double posting. I meant to add my name to the previous two posters. Same story -- infected registry key right after updating.
Is this a false positive?

#5 MaB69

    Regular Member

  • Experts
  • 86 posts
  • Gender:Male
  • Location:France

Posted 30 March 2010 - 03:25 PM

Hi,

Confirmed here too

Regards,

MaB

#6 B-boy/StyLe/

    FFreestyleRR

  • Experts
  • 1,127 posts
  • Gender:Male
  • Location:Bulgaria

Posted 30 March 2010 - 03:42 PM

Me too...found on Windows 7 x64 :rolleyes:

Regards,
G.

#7 nosirrah

    Forum Deity

  • Administrators
  • 5,451 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 30 March 2010 - 03:47 PM

Should be fixed in about 2 minutes.
Bruce Harrison
Vice President of Research

#8 mynorgeek

Posted 30 March 2010 - 03:55 PM

Should be fixed in about 2 minutes.

All better here. Thanks! :rolleyes:

#9 RuyLopez

Posted 30 March 2010 - 04:19 PM

Resolved here as well with database version 3935.

Thanks Bruce!

Best regards,
RL

#10 khakiman

Posted 30 March 2010 - 05:41 PM

Kudos to the Malwarebytes "Quick Response Team." Great product. Excellent support.

#11 MaB69

Posted 31 March 2010 - 02:21 AM

Should be fixed in about 2 minutes.


Thanks guys

regards,

MaB

#12 donnod

    New Member

  • Members
  • 3 posts

Posted 31 March 2010 - 04:09 AM

What is this entry, should I delete it?

#13 exile360

    exile

  • Administrators
  • 16,015 posts
  • Gender:Male

Posted 31 March 2010 - 04:54 AM

Hello donnod and welcome to Malwarebytes :rolleyes:

No, do not delete it. Simply update Malwarebytes' Anti-Malware and perform another scan. It should no longer be detected.
Samuel E Lindsey
Product Manager

#14 donnod

Posted 31 March 2010 - 08:56 AM

The thing is that I did. What now?

#15 Thormbam

    New Member

  • Members
  • 2 posts

Posted 31 March 2010 - 04:12 PM

I also deleted the registry key. And now, what do I have to do? Excuse me for my English.

#16 Thormbam

Posted 31 March 2010 - 05:31 PM

The thing is that I did. What now?


To donnod and anyone who may need it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1} is an important registry key. Open Mbam, go to quarantine, select it and restore it. And excuse me for my English.

#17 donnod

Posted 31 March 2010 - 06:07 PM

Deleted from quarantine before update came out, what now?

#18 Gromphadelic

    New Member

  • Members
  • 4 posts

Posted 01 April 2010 - 03:16 AM

Same thing here. Anyone know what the registry belonged to? I didn't experience any problems since I deleted it.

#19 friedmonky

    New Member

  • Members
  • 3 posts

Posted 01 April 2010 - 09:24 AM

I had the same situation. All I had to do to restore it was create a reg file for that reg key on another Windows 7 machine, transfer the created reg file to the computer that needs the key restored, and run the reg file. Replaced the key - no problem.
I tried to upload the reg file here so other peeps could use it, but the Mbam site will not allow upload of reg files. :) If you know how to do what I just explained here, it works great.

FM :)
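
The export-and-import procedure described in post #19, written out as an added example that is not part of the original thread and was not posted by any participant. It assumes the reference machine runs the same Windows version and architecture as the one being repaired; the function names and file paths are placeholders, and the key path is the one from the scan log in post #1.

```powershell
# Added example; function names and file paths are hypothetical placeholders.
# $Key is the registry path reported in the scan log in post #1.
$Key = 'HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}'

function Export-ClassKey {
    # Run on the healthy reference machine; returns the SHA-256 of the .reg file.
    param([Parameter(Mandatory)][string]$RegFile)
    & reg.exe export $Key $RegFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }
    # Get-FileHash requires PowerShell 4.0 or later.
    (Get-FileHash -Path $RegFile -Algorithm SHA256).Hash
}

function Import-ClassKey {
    # Run from an elevated prompt on the machine where the key was removed.
    param(
        [Parameter(Mandatory)][string]$RegFile,
        [Parameter(Mandatory)][string]$ExpectedHash
    )
    # Refuse a file that changed in transit: a .reg file writes whatever it contains.
    $actual = (Get-FileHash -Path $RegFile -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedHash) { throw "Hash mismatch: $actual" }

    # If the key is already present (for example, restored from quarantine),
    # keep a copy of its current state before merging anything into it.
    & reg.exe query $Key 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) {
        & reg.exe export $Key "$RegFile.before-import.reg" /y | Out-Null
    }

    & reg.exe import $RegFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg import failed for $RegFile" }

    # Confirm the key is readable again.
    & reg.exe query $Key | Out-Null
    return ($LASTEXITCODE -eq 0)
}

# Reference machine: Export-ClassKey -RegFile C:\Temp\class-key.reg   (note the hash it returns)
# Repaired machine:  Import-ClassKey -RegFile C:\Temp\class-key.reg -ExpectedHash '<hash from export>'
```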

#20 nosirrah

Posted 01 April 2010 - 10:17 AM

You can zip and attach anything within the size limit.