
Nothing suspicious, but....



#1 RockVacirca


Posted 14 April 2012 - 03:26 AM

Windows XP, 32 bit, Pentium 4.

My desktop PC got infected quite a while back, and with the help of this forum the PC was eventually thoroughly cleaned. Since then, I have practiced safe hex, updated my Windows XP security patches, my Malwarebytes, my SUPERAntiSpyware, and my Avast definitions regularly, and performed once-a-week scans. Everything was fine, until today.

I did my weekly overnight scan last night, and this morning Malwarebytes had something to report. It told me that a couple of files (from the same source) were infected with BACKDOOR.MSIL.PGEN.

The strange thing is, the two infected files were downloaded back in 2008, used once or twice, and not used since. So why did Malwarebytes not pick these up before?

I have not noticed anything suspicious happening with the PC, but I am a little worried by this new detection.

Is this likely to be a false positive? Anything to worry about? I let Malwarebytes delete the two offending files.

I thought I would raise this here, in case I need to perform any further checks.

Advice please :)

Cheers

Rock

Edited by RockVacirca, 14 April 2012 - 04:18 AM.




#2 quietman7


Posted 14 April 2012 - 07:35 AM

After a security vendor updates its product version or releases an update to definition databases, it is not uncommon for subsequent scans to find detection of items, traces of malware files or remnants of registry entries which had previously gone undetected (not reported) by prior scans. If the computer had previously been infected, this can even occur long after the initial infection was removed. In that same manner, it is not unusual for a detected threat to no longer be detected during subsequent scans after a database update. This can be attributed to further testing after users have submitted a sample file which is then determined to be false positive and removed from the detection list.

If you suspect a file detection may be a false positive or you want a second opinion, submit it to one of the following online services that analyze suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

If the results indicate a probable false positive, then you should report them to Malwarebytes Anti-Malware Support > False Positives so the Research Team can investigate and make corrections.

Be sure to read the pinned topic at the top of that forum titled READ BEFORE REPORTING A FALSE POSITIVE!.

Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators



