Posted 17 December 2009 - 08:15 PM
I think I have a false positive on my hands, but I'd like a second opinion.
A few minutes ago, I got the following two detections:
C:\Users\Reeve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBGBTROF\mbam-setup.exe
AVG8.5 Free detected them as: "Trojan horse Dropper.Agent.PKF" They came up as Malwarebytes Anti-Malware (which was scanning at the time) went over them, thus the process in my Resident Shield entry is - naturally - mbam.exe. I'd like to note that MABM did -not- detect these.
I added the ProgramData location to my Resident Shield exceptions (for the time being), and uploaded the file both to virustotal.com and virusscan.jotti.org. Both sites only had a single hit (AVG), and all 40 other programs on Virustotal and 20-ish some other programs on Jotti said it was clean. Although I added the temporary internet files version to the exceptions too, I cannot upload this one for some reason. When I browse to it on virustotal/jotti and hit "Open" after selecting the file, nothing happens.
My AVG8.5 definitions version is 270.14.112/2571. It was loaded today at 5:00 PM.
I'd like to note that I have done 2 full scans with AVG recently (16/12/2009 2:55 AM; 15/12/2009 9:51 AM) prior to this, neither of which detected this.
My OS is 64-bit Windows Vista Home Premium.
Also, can anyone suggest how I can get the Temporary Internet Files one to actually upload - just in case?