Jump to content


Photo

ChPrio.exe false positive?


  • Please log in to reply
7 replies to this topic

#1 almirsahbaz

almirsahbaz

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina

Posted 23 June 2011 - 02:06 PM

When I update malwarebytes database today and scan my computer I get result that file ChPrio.exe which is located in C:\Windows\SysWOW64\Tools is infected. This file is not modified since 2009 and this is crucial system file, is this false positive?

Attached Files



#2 nosirrah

nosirrah

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 5,452 posts
  • Gender:Male
  • Location:Northampton, MA USA

Posted 23 June 2011 - 03:19 PM

This will be fixed in the next update.
Bruce Harrison
Vice President of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 almirsahbaz

almirsahbaz

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina

Posted 23 June 2011 - 03:26 PM

This will be fixed in the next update.


Are you 100% sure that this is false positive, I'm scanning now my computer again using mbam.exe /developer , and I will post log file soon.

#4 shadowwar

shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,250 posts
  • Gender:Male

Posted 23 June 2011 - 03:29 PM

Yes. Its not a file by microsoft but a file leftover from a install. It is a valid file though and not malware.
Rich Matteo
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#5 almirsahbaz

almirsahbaz

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina

Posted 23 June 2011 - 03:38 PM

I just finished scanning my computer using mbam.exe /developer . This file is located on c:\Windows\System32\Tools\ChPrio.exe (Rogue.SystemSmartSecurity) and c:\Windows\SysWOW64\Tools\ChPrio.exe (Rogue.SystemSmartSecurity) . Here is the log.

Attached Files



#6 shadowwar

shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,250 posts
  • Gender:Male

Posted 23 June 2011 - 05:06 PM

Just update and it should no longer be detected.
Rich Matteo
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook

#7 almirsahbaz

almirsahbaz

    New Member

  • Members
  • Pip
  • 10 posts
  • Gender:Male
  • Location:Bosnia and Herzegovina

Posted 07 May 2012 - 04:33 PM

I had same problem year ago, with same file. Than you said that it is a valid file, leftover after some installation. You can see original file (which is not modified since than) in here: http://forums.malwar...showtopic=88005 . Then it was called: (Rogue.SystemSmartSecurity).

#8 shadowwar

shadowwar

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,250 posts
  • Gender:Male

Posted 07 May 2012 - 05:38 PM

Fixed in the next update.
Rich Matteo
Research Engineer

staff.png

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users