
Security Shield 2012 Virus


6 replies to this topic

#1 FiShHeAd99


Posted 14 June 2012 - 09:44 AM

Hi, I recently caught the Security Shield 2012 virus. I managed to remove the pop-ups and blocking internet access by deleting suspicious folders.

However Malware keeps detecting a trojan registry key -

" HKCU\Software\Microsoft\Windows\CurrentVersion\Run "

Every time I remove it, it appears again when I rescan after a restart. Hitman Pro and rkill can't detect it, only Malwarebytes. Any advice?


" Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [administrator]

14/06/2012 15:39:40
mbam-log-2012-06-14 (15-39-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228642
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)"



#2 narenxp


Posted 14 June 2012 - 10:01 AM

False positive

http://forums.malwarebytes.org/index.php?showtopic=111106&st=0&p=560322&#entry560322

#3 FiShHeAd99


Posted 14 June 2012 - 10:58 AM

Thank you for your help! That's a weight off my mind.

#4 narenxp


Posted 14 June 2012 - 12:12 PM

You're welcome :)

#5 Chris Appleyard


Posted 04 July 2012 - 07:00 PM

Hey, wait a second... he said he caught a fake AV... how is this a false positive??? Lol

"Education is the most powerful weapon which you can use to change the world"
-Nelson Mandela

 

 



#6 hamluis


Posted 05 July 2012 - 07:38 AM

It's a false positive, see http://www.sevenforums.com/system-security/235011-cant-delete-reg-trojan-agent-malwarebytes.html .

False positives occur with just about (if not all) AV detection programs and are usually corrected when they become known.

Louis

#7 noknojon


Posted 05 July 2012 - 07:52 AM

This is one of the main reasons for always updating any Antivirus or Antimalware program prior to any scan.

Definitions are usually updated almost every day, and with programs like MBAM, they can be updated several times per day -
This was the reason it was cleared as a F / Positive within a very quick time.

They have a department at Malwarebytes that tracks new and false infections continuously -



