avira gives false positives?


6 replies to this topic

#1 junzi


Posted 23 June 2012 - 02:02 PM

I am using Windows XP and Firefox browser. I have Avira Free Antivirus and Malwarebytes Anti-Malware. Noticed my browser was super slow, and earlier today Avira informed me that it found 4 trojans.

Posted Image
Posted Image
Posted Image
Posted Image

Updated Malwarebytes and did a scan; it did not detect anything. (It seems that the trojan is in the mbam.exe itself?!)

Next I scanned using Avira; it detected the malware but was unable to remove them.

Any help appreciated, thanks!

Edited by junzi, 23 June 2012 - 02:07 PM.




#2 Broni


Posted 23 June 2012 - 06:45 PM

It looks like a false positive to me.

Open Windows Explorer. Go to Tools > Folder Options > View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE: Make sure to reverse the above changes when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post the scan results.



#3 junzi


Posted 24 June 2012 - 01:41 AM

SHA256: a981359f442dd7a192735fae76857d558b1279bbec29d80de391d03aeea1c257
File name: mbam.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-24 06:39:49 UTC ( 0 minutes ago )

#4 junzi


Posted 24 June 2012 - 01:44 AM

I realized I double posted one of the alerts and missed this:

Posted Image

I have also scanned it, log here:

SHA256: 737a47741cfe4b7f35e9366fe051229ebf786f47dd5fbe563f04e9880160fa6a
File name: WINWORD.EXE
Detection ratio: 0 / 42
Analysis date: 2012-06-24 06:43:26 UTC ( 0 minutes ago )

#5 Broni


Posted 24 June 2012 - 10:12 AM

Yeah, I suggest you report the issue at the Avira forum.
Surely such a known antimalware program like MBAM shouldn't be triggering Avira and scaring its users.



#6 junzi


Posted 24 June 2012 - 10:37 AM

I am using Windows XP and Firefox browser. I have Avira Free Antivirus and Malwarebytes Anti-Malware. Noticed my browser was super slow, and earlier today Avira informed me that it found 4 trojans.

Posted Image
Posted Image
Posted Image
Posted Image

Updated Malwarebytes and did a scan; it did not detect anything. (It seems that the trojan is in the mbam.exe itself?!)

Next I scanned using Avira; it detected the malware but was unable to remove them.

I posted a topic on the Am I Infected forum here http://www.bleepingcomputer.com/forums/topic458116.html and was told that it might be false positives and to do a virustotal.com scan. None of the files were found to be infected. Is it normal for Avira to be sending false positives (like did it just make up the name of some malware?!)? Is it possible for malware to migrate from one file to another? Am worried there's still malware hanging around. Any help appreciated, thanks!

Edited by junzi, 24 June 2012 - 10:38 AM.


#7 boopme


Posted 24 June 2012 - 08:54 PM

As shown by the VirusTotal log, it does look like a false positive.

Please submit the file to Avira. They will analyze it and remove it from their detections.
Submitting suspected false positives to Avira

NOTE: I merged this post with the original AII post.