
New malwarebytes Chameleon???

3 replies to this topic

#1 mute20


  • Members
  • 116 posts
  • Local time:02:42 PM

Posted 05 January 2012 - 01:13 PM

SAS just picked this up as a dangerous item.


Should I be worried in the slightest, or is it just a false positive? Already sent a false positive report to SAS. Anyone want to weigh in?



#2 Queen-Evie


    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:01:42 PM

Posted 05 January 2012 - 01:30 PM

The latest release of Malwarebytes includes Chameleon Technology. It's likely a false positive. Maybe someone who knows more than I do will be able to let you know whether it is a threat or not.

I have the same folder in Malwarebytes. I just had SuperAntiSpyware scan and it did not tell me the same thing it told you.

Have you run across a pesky malware infection that made it hard if not impossible to run Malwarebytes Anti-Malware? Then take heart because Malwarebytes has been updated with Chameleon Technology to get it up and running even when blocked by infections.

Malwarebytes Chameleon Technology gets Malwarebytes Anti-Malware running even when blocked by infection.


Edited by Queen-Evie, 05 January 2012 - 01:56 PM.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,602 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:42 PM

Posted 05 January 2012 - 03:33 PM

Malwarebytes Chameleon Technology is a new feature introduced starting with v1.60.0. Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, you can now use Chameleon, which essentially allows renamed versions/file extensions of the tool that can be used when the normal .exe file is blocked from running by the malware.

This is similar to RKill which also uses renamed versions of files after critical systems files because malware usually leaves them alone. However, sometimes they are detected by anti-virus programs as a threat. The detections are false positives and can be ignored.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • Gender:Male
  • Local time:08:42 PM

Posted 06 January 2012 - 06:41 AM

Should I be worried in the slightest, or is it just a false positive? Already sent a false positive report to SAS. Anyone want to weigh in?

Probably a false positive. Check if the file C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE has a digital signature from MB, and check if it is OK. If it is OK, you can be sure it's a false positive.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
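
The signature check suggested in post #4, written out as an added PowerShell example that is not part of the original thread. `Test-FlaggedFileSignature` is a hypothetical helper name, and the publisher string passed to it is an assumption: compare against the signer shown on a Malwarebytes binary you already trust.

```powershell
# Added example, not from the thread. Test-FlaggedFileSignature is a hypothetical helper.
function Test-FlaggedFileSignature {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Assumption: publisher text expected in the signer subject. Take it from
        # a Malwarebytes binary you already trust rather than from this example.
        [Parameter(Mandatory = $true)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'FileNotFound' }
    }

    # Get-AuthenticodeSignature checks the embedded signature and reports its trust status.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $cert   = $sig.SignerCertificate
    $signer = if ($cert) { $cert.Subject } else { $null }
    $thumb  = if ($cert) { $cert.Thumbprint } else { $null }

    $verdict = switch ([string]$sig.Status) {
        'Valid' {
            # A valid signature only proves that someone signed the file; confirm who.
            if ($signer -like "*$ExpectedPublisher*") { 'SignedByExpectedPublisher' }
            else { 'ValidButUnexpectedSigner' }
        }
        'NotSigned'    { 'Unsigned' }
        'HashMismatch' { 'ModifiedAfterSigning' }
        default        { "SignatureProblem:$($sig.Status)" }
    }

    [pscustomobject]@{
        Path       = $Path
        Verdict    = $verdict
        Signer     = $signer
        Thumbprint = $thumb
        Detail     = $sig.StatusMessage
    }
}

# Double quotes are needed because the folder name contains an apostrophe.
$flagged = "C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE"
Test-FlaggedFileSignature -Path $flagged -ExpectedPublisher 'Malwarebytes' | Format-List
```

Only the `SignedByExpectedPublisher` verdict supports treating the detection as a false positive; any other result means the file deserves a closer look before it is excluded from scanning.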
