Jump to content

RPC.exe false/positive?


shucky

Recommended Posts

Hello, 

I work for ran IT company and we were installing a usb signature pad by Topaz when MalwareBytes detected a file "RPC.exe" in the install location.  I have uploaded this to virus total and Mbam is the only detection.  See logs below;

 

<?xml version="1.0" encoding="UTF-16" ?>
<!DOCTYPE mbam-log SYSTEM "mbam-log.dtd">
<mbam-log>
<header>
<version>1.80.0.1010</version>
<database>v2016.09.09.09</database>
<windows>Windows 10</windows>
<arch>x64</arch>
<filesys>NTFS</filesys>
<msie>Internet Explorer 11.0.10240.17071</msie>
<username>erik</username>
<cpuname>ERIK-DESKTOP</cpuname>
<date>Fri, 09 Sep 2016 21:25:22 GMT</date>
<log>mbamlog.xml</log>
<summary>
<type>custom</type>
<objects>1</objects>
<time>6</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>1</files>
</summary>
</header>
<items>
<file><path>C:\Users\erik\Desktop\rpc.exe</path><vendor>Trojan.EDVBGen</vendor><action>success</action></file>
</items>
</mbam-log>

 

I will attempt to attach the file when I track down another copy of it.

 

Thanks!

Link to post
Share on other sites

So, I ran the scan in developer mode, but the log does not appear to be much different.  I have tracked down the file, it is zipped with 7zip.

 

Thanks

rpc.7z

 

Malwarebytes Anti-Malware (LabTech) 1.80.0.1010
www.malwarebytes.org

Database version:
  main:    v2016.09.12.05
  rootkit: v0000.00.00.00

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.17071
erik :: ERIK-DESKTOP [administrator]

Protection: Enabled

9/12/2016 10:24:00 AM
MBAM-log-2016-09-12 (10-31-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: 
Objects scanned: 509655
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\erik\Desktop\rpc.7z (Trojan.EDVBGen) -> No action taken. [ce774a272575dc5ac17042a32fd158a8]

(end)

Edited by shucky
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.