Author Topic: False Positive? Odd Scan Results  (Read 3556 times)

0 Members and 1 Guest are viewing this topic.

MBanana

  • Guest
False Positive? Odd Scan Results
« on: July 06, 2011, 08:04:04 PM »
Not sure what to make of it, but when I ran a full scan yesterday morning, the results came back that C:\Windows\$hf_mig$\KB980436\update\update.exe was infected with Threat: Rootkit: System Modification.

Proceeded to scan with both aswMBR and MBAM, both coming up with nothing. A file scan of that file and a quick scan also came up clean. Full scan with MBAM came up empty, though when I tried to run a full scan with avast at the same time (not a good idea for me) windows crashed.

Ran another full scan with Avast after restarting, this time it showed up with four of the same detection on different files in different subfolders of C:\Windows\$hf_mig$\. At this point, Avast notified me, again, that there was a program update to 6.0.1203 which I had been ignoring throughout the day. Decided to update it, did so, restarted, then ran a full scan again. Nothing, scan came up clean. Boot scan came up with the same results. Another sweep with MBAM and aswMBR also came up with nothing.

Haven't noticed anything unusual, though my network adapter apparently crashed followed by the rest of windows when I attempted to run MBAM and aswMBR at the same time. Not sure what to make of it, whether this is some sort of insidious infection, or just avast jumping at shadows.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: False Positive? Odd Scan Results
« Reply #1 on: July 06, 2011, 08:13:19 PM »
Hi MBanana,

Here is a write-up about deleting these unused files in the $hf_mig$ folder: http://www.pagestart.com/hfmigpart1.html
(linksource: NetworkSolutions)

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

MBanana

  • Guest
Re: False Positive? Odd Scan Results
« Reply #2 on: July 08, 2011, 07:56:02 PM »
Got another of the same result, though again a different file in a subfolder of C:\Windows\$hf_mig$. Not sure what's going on, as scans over the previous days have, as before, been clean.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: False Positive? Odd Scan Results
« Reply #3 on: July 08, 2011, 07:58:21 PM »
attach an OTS log and let Essexboy have a look inside...

MBanana

  • Guest
Re: False Positive? Odd Scan Results
« Reply #4 on: July 08, 2011, 11:06:53 PM »
Well, here it is. A full scan I ran right before running OTS also came up with nothing.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: False Positive? Odd Scan Results
« Reply #5 on: July 09, 2011, 12:15:59 PM »
I feel that the heuristics is being a bit overzealous at the moment.  I could see no apparent malware.  Are you experiencing any problems ?

MBanana

  • Guest
Re: False Positive? Odd Scan Results
« Reply #6 on: July 09, 2011, 07:13:24 PM »
I haven't noticed anything out of the ordinary, so I think you're right about the scanner being a tad sensitive. Thanks for your help, glad it doesn't seem to be anything more than a false alarm.