Sign in to follow this  
Followers 0
Mingraye

Nvidia Update - False positive?

3 posts in this topic

Malwarebytes said it found a trojan from what I believe is a Nvidia update. Did a custom scan on the file and logged the results below. File attached.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.05.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Novograye :: NOVOGRAYE-PC [limited]

Protection: Enabled

12/4/2012 9:00:01 PM

mbam-log-2012-12-04 (21-00-01).txt

Scan type: Custom scan (C:\ProgramData\NVIDIA\Updatus\Packages\00001e30\updatus.14522386_RUNASUSER.exe|)

Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P

Objects scanned: 1

Time elapsed: 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\ProgramData\NVIDIA\Updatus\Packages\00001e30\updatus.14522386_RUNASUSER.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

updatus.14522386_RUNASUSER.exe.zip

Share this post


Link to post
Share on other sites

You beat me to it! :-) My file is slightly different albeit the same format - updatus.14481009_RUNASUSER.exe. I'm attaching a zip containing file and log just in case a second copy helps.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.