Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

New malwarebytes Chameleon???

Started by mute20 , Jan 05 2012 01:13 PM

Please log in to reply

3 replies to this topic

#1 mute20

Member

Members
116 posts

Posted 05 January 2012 - 01:13 PM

SAS just picked this up as a dangerous item.

Trojan.Dropper/SVCHost-Fake
C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE

Should I be worried in the slightest or is it just a false positive. Already sent a false positive report to sas. Anyone want to weigh in.

Back to top

BC Ads
BleepingComputer.com

#2 Queen-Evie

Official Bleepin' Bama Belle

Moderator
6,191 posts

Gender:Not Telling
Location:Tuscaloosa, Alabama

Posted 05 January 2012 - 01:30 PM

The latest realease of Malwarebytes includes Chameleon Technology. It's likely a false positive. Maybe someone who knows more than I do will be able to let you know whether it is a threat or not.

I have the same folder in Malwarebytes. I just had SuperAntiSpyware scan and it did not tell me the same thing it told you.

Have you run across a pesky malware infection that made it hard if not impossible to run Malwarebytes Anti-Malware? Then take heart because Malwarebytes has been updated with Chameleon Technology to get it up and running even when blocked by infections.

Malwarebytes Chameleon Technology gets Malwarebytes Anti-Malware running even when blocked by infection.

http://www.howtogeek.com/101837/malwarebytes-anti-malware-updated-adds-chameleon-technology/

Edited by Queen-Evie, 05 January 2012 - 01:56 PM.

Back to top

#3 quietman7

Bleepin' Janitor

Global Moderator
26,112 posts

Gender:Male
Location:Virginia, USA

Posted 05 January 2012 - 03:33 PM

Malwarebytes Chameleon Technology is a new feature introduced starting with v1.60.0. Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, you can now use Chameleon which essential allows renamed versions/file extensions of the tool that can be used when the normal .exe file is blocked from running by the malware.

This is similar to RKill which also uses renamed versions of files after critical systems files because malware usually leaves them alone. However, sometimes they are detected by anti-virus programs as a threat. The detections are false positives and can be ignored.

Microsoft MVP - Consumer Security 2007-2013

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

Back to top

#4 Didier Stevens

Distinguished Member

BC Advisor
816 posts

Gender:Male

Posted 06 January 2012 - 06:41 AM

Should I be worried in the slightest or is it just a false positive. Already sent a false positive report to sas. Anyone want to weigh in.

Probably a false positive. Check if the file C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE has a digital signature from MB, and check if it is OK. If it is OK, you can be sure it's a false positive.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com
Microsoft MVP 2011-2013 Consumer Security
Posted Image