Fake.Dropped.Malware


I am getting "Fake.Dropped.Malware" during my scans with MBAM paid. The problem is that neither Kaspersky nor SAS Pro are alerting to it, and when I ran MBAM in the Developer Mode it did not show up either; the scan was clean. I cannot find the path in regedit either. What do you think?

Malwarebytes' Anti-Malware 1.11

Database version: 707

Scan type: Quick Scan

Objects scanned: 33163

Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Fake.Dropped.Malware are what fake antispyware applications drop to find with their fake scans.

These are not actually malware (why they are not detected by real scanners usually).

After further research it does seem that this key can also sometimes be used for legit purposes so I am removing it from definitions.

Next update will have this resolved.

Fake.Dropped.Malware are what fake antispyware applications drop to find with their fake scans.

These are not actually malware (why they are not detected by real scanners usually).

After further research it does seem that this key can also sometimes be used for legit purposes so I am removing it from definitions.

Next update will have this resolved.

Just out of curiosity, why is it that the developer mode did not show this when I ran it? It is actually the second time that I ran a scan with it and this has occurred.

ds

  • 1 month later...

I just had one of those Fake.Dropped.Malware and MBAM stopped it. That I find to be a very good thing because I have not downloaded anything that could have left such a file. I'm almost sure that this, my newest piece of malware, is not so fake after all!

Specs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

  • Root Admin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware)

This is a false positive. It is not malware. Please restore it from quarantine and I will have it fixed shortly :lol:.

  • Root Admin

Thanks RD

I'm assuming this is similar/same.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

  • Root Admin

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware) -> No action taken.

This has been fixed.

Registry Data Items Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

This can be used for malicious intentions. You can add it to the ignore list.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e853d72-626a-48ec-a868-ba8d5e23e045} (Fake.Dropped.Malware)

This is a false positive. It is not malware. Please restore it from quarantine and I will have it fixed shortly :lol:.

I can confirm that db update #844 no longer flags this one. Thanks Bruce

Ok, thanks guys. I believe that I've already deleted it but I'll see what I can do. I hope it's not important...

I noticed in the logfile that v1.11 was being used. v1.16 is out now, and you should upgrade. :lol:
