ShyWriter

Conflicting info via Google as to Good/Bad catches by MBAM newest

9 posts in this topic

Hello;

Wondering if the following 3 items (shown as 3 worms) are false positives or actual threats. They are currently quarantined per MBAM detection with the database shown. Not picked up by SAS, Emsisoft AM, or MBAM prior to the newest version of MBAM. The "pmmig.exe" is supposedly the Pale Moon browser importer. The 2 "registry worms" are 50/50 on various sites as to good or bad. :unsure:

Steve :: PROTEUS-ONE [administrator]

Protection: Enabled

4/10/2012 13:22:28

mbam-log-2012-04-10 (13-22-28).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 525037

Time elapsed: 2 hour(s), 27 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKCR\Typelib\{8C2B40D2-963F-4307-AD3E-44A17D530D67} (Worm.Agent) -> Quarantined and deleted successfully.

HKCR\Interface\{1551601C-141C-4499-9C05-557CA1440A05} (Worm.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Steve\Downloads\pmmig.exe (Worm.Agent) -> Quarantined and deleted successfully.

(end)

Thanks in advance!

Steve

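As an added illustration that is not part of the thread, here is a small Python parser for the MBAM 1.x log layout posted above, plus the SHA-256 helper one would use to compare a quarantined file against a VirusTotal report; the sample log text is constructed from the lines in the post.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.x log layout quoted in the post above.
SAMPLE_LOG = r"""
Scan type: Full scan
Objects scanned: 525037
Registry Keys Detected: 2
HKCR\Typelib\{8C2B40D2-963F-4307-AD3E-44A17D530D67} (Worm.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{1551601C-141C-4499-9C05-557CA1440A05} (Worm.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Steve\Downloads\pmmig.exe (Worm.Agent) -> Quarantined and deleted successfully.
(end)
"""

@dataclass
class Detection:
    section: str    # e.g. "Registry Keys", "Files"
    item: str       # registry key or file path
    signature: str  # MBAM detection name, e.g. "Worm.Agent"
    action: str     # what MBAM did with the item

# "<Section> Detected: <count>" header lines
SECTION_RE = re.compile(r"^(.+?) Detected: (\d+)$")
# "<item> (<signature>) -> <action>." detection lines
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")

def parse_mbam_log(text):
    """Return one Detection per item line, tagged with the section it appears under."""
    detections, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            detections.append(Detection(section, m.group(1), m.group(2), m.group(3)))
    return detections

def items_matching(detections, signature):
    """Items (keys or paths) that a given detection name fired on, for FP triage."""
    return [d.item for d in detections if d.signature == signature]

def sha256_hex(data: bytes) -> str:
    """SHA-256 of a file's bytes, to compare with the hash in a VirusTotal report."""
    return hashlib.sha256(data).hexdigest()
```

Before un-quarantining, hash the restored file and compare it with the hash on the VirusTotal report rather than trusting the file name alone.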

Can you please post this in the fp forum with the file attached and a dev scan?

Thanks


Will do; please see PM in a few minutes; I'm still writing it.

Thanks,

Steve


Rich,

Newer database updates must have fixed whatever was causing PMMIG.EXE to be detected as a worm by MBAM Pro...

Sorry for the uncertainties about it.

Also VT gave it a clean sweep as well:

Virus Total

https://www.virustotal.com/file/b0e18cf70a7f22343d4b5998722a8edd8b7899e974e87f1cb09b3d41c4bfb301/analysis/1334112365/

SHA256: b0e18cf70a7f22343d4b5998722a8edd8b7899e974e87f1cb09b3d41c4bfb301

File name: pmmig.exe

Detection ratio: 0 / 42

Analysis date: 2012-04-11 02:46:05 UTC ( 1 minute ago )

You can close and lock this thread; thank you for your patience.

Steve


There was another report. Is it possible to get the pmmig zipped up and attached?

I think this is because of Delphi programs causing an FP.

This should be fixed in the next update regardless.


Laugh; glad I still had it in the Recycle Bin. BTW, this file has been reported all over the security community by various vendors since its inception as both safe and bad. Since 2010. Go figure :blink:

pmmig.zip


Thanks for the follow-thru Rich,

Steve


Ok Rich;

I put the pmmig.exe from the Recycle Bin back in its original location and UN-quarantined the 2 "worm" registry entries and put them back; rebooted, updated and ran a scan.

All is good!

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.12.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Steve :: PROTEUS-ONE [administrator]

Protection: Enabled

4/12/2012 01:08:18

mbam-log-2012-04-12 (01-08-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 254189

Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Looks very, VERY good.

Thanks for the quick work on the definition fixes. :)

Steve
