Wtf ? mbamswissarmy.sys

[Mr.Agent]

What !!!! Wrong now !!! Your avast! detecting a suspect file now from malwarebytes ? Why

Im going to scare now....

I hope i did a good move to ignore and remember the answer for the file...

Mr.Agent

[Chris Thomas]

Did ya push the update button of Avast?   

[Mr.Agent]

I did update and its loading so i think its submit to ALWIL... Wow i cant believe it...

Damn !

I almost did died from a heart attack...

Mr.gent

[igor]

What malware name was reported?

[Mr.Agent]

Oh damn igor thx for reply.

Its a Malwarebytes Files.

mbamswissarmy.sys its located on my system32 drivers for sure.

[Chris Thomas]

Igor asked for that Malware name

Was it Win32:Zbot - MKK or Win32:Delf-MZG ?

Or any other name?

You can refer your Virus Chest.

[Mr.Agent]

Suspect Files

[YoKenny]

That's a normal alert from Windows Defender when Malwarebytes' Anti-Malware it running a Quick scan.

[Mr.Agent]

I did run a quick scan. And Windows Defender said nothing just avast! did it...

[YoKenny]

With XP or Vista/Windows 7?

I don't get the alert on Windows 7.

[Mr.Agent]

Vista.

But i think its normal like you said. I did push Ignore then Remember the Answer. I have sended the file to ALWIL too as its wanted to do it. So i think i wont got anymore problem.

[DavidR]

I believe what Mr.Agent fails to report that this is a alert by the anti-rootkit scan, see image, am I right ?

Alert text:
"A suspicious file has been detected (using a heuristic method). This may be a sign of malware infection. Please allow the file to be submitted to our virus lab for analysis."

If so it isn't saying it is infected just suspect and there would be no malware name given.

So you should chose the default action, Ignore and allow it to be sent to avast for analysis.

I think it a mistake to select the remember the answer as you would never know if this has been resolved by Alwil after the analysis as it wouldn't be asking for a decision in future.

[Mr.Agent]

Right said David !!!!! You have win. I did do ignore and dont tell me this in the future and allow to be send in ALWIL Labs... So i did the right action ?

Wow great job David and thx for the reply.

[DavidR]

Well insofar as you didn't opt for deletion, yes you did OK.

As I said I personally wouldn't have selected remember/Do not tell me about this file in the future, but that's just me. I like to know exactly what is going on in my system, whilst I would have known that this was likely to be an FP, what I also want to know is when it has been analysed and the alert corrected.

When you choose the 'Do not tell me about this file in the future' option that won't happen as you are never told about it again. The other aspect is I don't know if there is a way to reverse that decision. So it is possible if it were malicious, you could have effectively allowed it and asked not to be told about it again, in my view this is a dangerous option.

[Mr.Agent]

Well as far i know i did go in malwarebytes forum and search on it the file in question and they said its a malwarebytes file... So that why i did do remember in the future so we cant annoy me and i wont got a heart attack lol...