Author Topic: MBAM false positives?  (Read 26037 times)


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM false positives?
« Reply #45 on: April 25, 2010, 11:16:49 PM »
I think that says it all - a final check that neither of those files are on your system

To remove OTM run it and hit the cleanup button

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: MBAM false positives?
« Reply #46 on: April 25, 2010, 11:55:09 PM »
I've run SystemLook.exe as per MBAM support and the files couldn't be found either.
So, I'm waiting for their instructions...

Thanks for your help Essexboy.
The best things in life are free.

Offline essexboy

Re: MBAM false positives?
« Reply #47 on: April 26, 2010, 08:53:40 PM »
No problem Tech - I get to play with my toys  ;D

earshurt

  • Guest
Re: MBAM false positives?
« Reply #48 on: June 19, 2010, 08:46:51 AM »
I just found the same thing with mbam. Said this was found in
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job


Had the same experience. Went there and nothing was there. So, right clicked the task folder and changed the properties of the "hide" option to "hide". Then I unchecked the "hide" option and it and about three more files that were previously hidden suddenly showed up and {35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job was suddenly in the task folder after I selected hide, and then deselected it.

Just looking at it in the explorer screen it says it is a 1 kb file. When I right click the file and choose properties and look at the size it says it is 310 bytes

and

Task Scheduler Task Object (.job)

size on disk: 4.00 KB (4,096 bytes)

says created may Wednesday, May 26, 2010, 8:32:52 PM

and modified just a few minutes ago Today, June 19, 2010, 24 minutes ago which might be the time i hid and unhid it probably

accessed Wednesday, May 26, 2010, 8:32:52 PM

attributes "hidden"


Seems a little crazy. I could not see it until I selected "hide" on the windows task folder, and then deselected it. Now it says attributes "hidden" but I can see it. I have not dared to unselect the task folder in the windows folder yet though since I hid and unhid it because it will probably disappear again. I reckon I could get it to appear again by hiding and unhiding again but I haven't tried yet.

Any thoughts?




earshurt

  • Guest
Re: MBAM false positives?
« Reply #49 on: June 19, 2010, 08:48:00 AM »
oh yeah, mbam said the above was trojan.downloader

earshurt

  • Guest
Re: MBAM false positives?
« Reply #50 on: June 19, 2010, 08:59:13 AM »
Forgive me for the additions but as you see i'm a newbie, newbie stupid...

these are the other two files that suddenly showed up. this one showed up in the other dude's trojan.downloader report too
{8C3FDD81-7AE0-4605-A464-2488B179F2A3}
Mbam didn't find and list this as a trojan but it looks like the same number the other dude posted right? And it suddenly popped into view when I hid and unhid the task folder. Explorer says it is 1kb too, but the properties say 310 bytes

The other file that suddenly came into view was this one:
SA
That is its name "SA", and the file type is "video cd movie". explorer says it is 1kb and the properties say it is 6kb

these are the ones that suddenly popped into view when i hid and unhid files in the task folder of windows

this file is in the windows task folder too. it was there the first time i looked and i didn't have to hide/unhide to see it
SCHEDLGU

Offline essexboy

Re: MBAM false positives?
« Reply #51 on: June 19, 2010, 01:56:39 PM »
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Is a good detection - it runs a vundo file to download further malware and should be deleted
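
An added example, not part of the original thread or any poster's code: a small parser that reads the command line out of a Task Scheduler 1.0 `.job` file, so the target of a job like the one above can be reviewed before it is deleted. It assumes the layout in Microsoft's published .JOB format ([MS-TSCH]); `build_sample` and the names used with it are constructed for illustration.

```python
import re
import struct

# Assumption: layout follows Microsoft's published .JOB format ([MS-TSCH]):
# a 68-byte fixed header, a 2-byte running-instance count, then
# length-prefixed UTF-16LE strings (application name, parameters, ...).
FIXED_LEN = 68
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.job$")


def _read_string(data, pos):
    """Read a string stored as <u16 char count incl. NUL><UTF-16LE chars>."""
    if pos + 2 > len(data):
        raise ValueError("truncated .job: missing string length")
    (count,) = struct.unpack_from("<H", data, pos)
    end = pos + 2 + count * 2
    if end > len(data):
        raise ValueError("truncated .job: string runs past end of file")
    text = data[pos + 2:end].decode("utf-16-le").rstrip("\x00")
    return text, end


def parse_job(data):
    """Return the command a Task Scheduler 1.0 .job file would launch."""
    if len(data) < FIXED_LEN + 2:
        raise ValueError("too short to be a .job file")
    (name_off,) = struct.unpack_from("<H", data, 20)  # offset of app-name length
    if name_off < FIXED_LEN + 2:
        raise ValueError("application-name offset points into the header")
    app, pos = _read_string(data, name_off)
    params, _ = _read_string(data, pos)
    return {"application": app, "parameters": params}


def triage(filename, data):
    """Summarise one file from the Tasks folder for a human reviewer."""
    info = parse_job(data)
    info["guid_named"] = bool(GUID_NAME.match(filename))
    return info


def build_sample(app, params=""):
    """Constructed test input: a minimal .job with zeroed header fields."""
    def s(t):
        raw = (t + "\x00").encode("utf-16-le") if t else b""
        return struct.pack("<H", len(raw) // 2) + raw
    header = bytearray(FIXED_LEN)
    struct.pack_into("<H", header, 20, FIXED_LEN + 2)
    return bytes(header) + struct.pack("<H", 0) + s(app) + s(params)
```

On a real system, pass `triage` the file name and the bytes read from the `.job` file; a GUID-style name whose application path points at an unfamiliar executable is worth a closer look.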

earshurt

  • Guest
Re: MBAM false positives?
« Reply #52 on: June 19, 2010, 04:52:51 PM »
Ok. I went ahead and told mbam to delete it. When I did {8C3FDD81-7AE0-4605-A464-2488B179F2A3} disappeared from the task folder too so I guess it was somehow tied to the one I deleted.

Offline Lisandro

Re: MBAM false positives?
« Reply #53 on: June 19, 2010, 05:48:55 PM »
earshurt, go ahead and fully scan your system...
Something infected put that .job there...
The best things in life are free.

earshurt

  • Guest
Re: MBAM false positives?
« Reply #54 on: June 19, 2010, 11:47:50 PM »
Ok I will, I just got back to the puter and getting ready to do a good scan. I just rebooted, and thanks so much for taking the time to reply to me. I really appreciate your knowledge and help.


 File Name: launcher.exe
Display Name: soft thinks Launcher
Description: Launcher
Publisher: soft thinks
Digitally Signed By: NOT SIGNED
File Type: Application
Startup Value: C:\Windows\SMINST\launcher.exe
File Path: C:\Windows\SMINST\launcher.exe


What about this guy above? I found this with "start ed lite" program. It's launching on boot. I think I have told start ed not to let it boot before but it keeps enabling itself by itself. Seen it before but the reviews on the web are mixed and I'm confused. Any help you experts have would be greatly appreciated. You guys have a great forum. Y'all rock the house dudes! Lots of knowledgeable people here.


Offline Lisandro

Re: MBAM false positives?
« Reply #55 on: June 19, 2010, 11:50:07 PM »
I don't know...
Maybe you could upload the file to www.virustotal.com and check if it is clean.
By Googling you can find which program it belongs to...
http://www.vistax64.com/vista-security/87995-what-windir-sminst-launcher-exe.html
http://forums.malwarebytes.org/index.php?showtopic=23701
The best things in life are free.