darthsideous666

Fake.Dropped.Malware

13 posts in this topic

I am getting "Fake.Dropped.Malware" during my scans with MBAM paid. The problem is that neither Kaspersky nor SAS Pro is alerting to it, and when I ran MBAM in the Developer Mode it did not show up either, the scan was clean? I cannot find the path in regedit either. What do you think?

Malwarebytes' Anti-Malware 1.11

Database version: 707

Scan type: Quick Scan

Objects scanned: 33163

Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Fake.Dropped.Malware are what fake antispyware applications drop to find with their fake scans.

These are not actually malware (why they are not detected by real scanners usually).

After further research it does seem that this key can also sometimes be used for legit purposes so I am removing it from definitions.

Next update will have this resolved.

Fake.Dropped.Malware are what fake antispyware applications drop to find with their fake scans.

These are not actually malware (why they are not detected by real scanners usually).

After further research it does seem that this key can also sometimes be used for legit purposes so I am removing it from definitions.

Next update will have this resolved.

Just out of curiosity, why is it that the developer mode did not show this when I ran it? It is actually the second time that I ran a scan with it and this has occurred.

ds


That technically should not happen.

All dev mode does is show the def line that hits.


I just had one of those Fake.Dropped.Malware and MBAM stopped it. That I find to be a very good thing because I have not downloaded anything that could have left such a file. I'm almost sure that this, my newest piece of malware, is not so fake after all!

Spec's: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware)

This is a false positive. It is not malware. Please restore it from quarantine and I will have it fixed shortly :lol:.


Thanks RD

I'm assuming this is similar/same.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.

This has been fixed.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

This can be used for malicious intentions. You can add it to the ignore list.

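A read-only way to check the items discussed in the posts above before restoring, quarantining or ignoring them, added here as an example (it is not part of the thread and not Malwarebytes' own tooling). It uses only the registry paths quoted in the scan logs and assumes the CLSID, if registered, points at its DLL through the standard `InprocServer32` subkey.

```powershell
# Added example: read-only triage of the registry items named in this thread.
$clsid = '{7e853d72-626a-48ec-a868-ba8d5e23e045}'   # CLSID from the scan logs

# 1. Do the flagged keys exist? (The first poster could not find theirs in regedit.)
$keys = @(
    'Registry::HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services'
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
)
foreach ($key in $keys) {
    [pscustomobject]@{ Exists = (Test-Path -LiteralPath $key); Key = $key }
}

# 2. A Browser Helper Object is an in-process COM DLL: resolve the CLSID to
#    the file it loads and check who signed that file.
$inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    if ($dll) {
        $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
        if (Test-Path -LiteralPath $dll) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            [pscustomobject]@{
                File    = $dll
                Company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
                Status  = $sig.Status
                Signer  = $sig.SignerCertificate.Subject
            }
        } else {
            "InprocServer32 points to a missing file: $dll"
        }
    } else { "InprocServer32 exists but has no default value" }
} else {
    "CLSID $clsid has no InprocServer32 key (not registered as an in-process server)"
}

# 3. Start_ShowRun: the scan log in this thread lists 0 as "Bad" and 1 as "Good".
$adv = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$val = (Get-ItemProperty -LiteralPath $adv -Name Start_ShowRun -ErrorAction SilentlyContinue).Start_ShowRun
if ($null -eq $val) { 'Start_ShowRun is not set' } else { "Start_ShowRun = $val" }
```

On 64-bit Windows, 32-bit COM registrations live in a separate registry view, so running the same script from a 32-bit PowerShell session covers both.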
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware)

This is a false positive. It is not malware. Please restore it from quarantine and I will have it fixed shortly :lol:.

I can confirm that db update #844 no longer flags this one. Thanks Bruce


Ok, thanks guys. I believe that I've already deleted it but I'll see what I can do. I hope it's not important...

Ok, thanks guys. I believe that I've already deleted it but I'll see what I can do. I hope it's not important...

I noticed in the logfile that v1.11 was being used. v1.16 is out now, and you should upgrade. :lol:


I noticed in the logfile that v1.11 was being used. v1.16 is out now, and you should upgrade. :lol:
No, I'm not the one who made the start post. My version is updated. :lol: But thanks for your thoughtfulness. That was a kind move.


I had to choose when MBAM found this malware - should I start an ego-trip-thread or should I stick to the Fake.Dropped.Malware thread that was already here? I ended up writing in this one. It seemed like a good idea at the time... :lol:

