
Malwarebytes claims user.exe is a trojan


  • This topic is locked
4 replies to this topic

#1 Riddling


Posted 20 April 2017 - 12:57 AM

Is it just me or has Malwarebytes become sentient and wants to destroy my computer? Malwarebytes claims that user.exe in the C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE directory is malware, yet I'm pretty sure it's an important system file, or maybe this is a false positive? I have no idea. I've also posted the FRST and Addition.txt logs just in case.



#2 nasdaq

  • Malware Response Team

Posted 20 April 2017 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled

This is the default location for the user.exe file.
C:\Windows\SysWOW64\user.exe

The file identified by Malwarebytes is located here.
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\USER.EXE

I suspect that it's good but the location has not been accepted by MBAM.


Check the file at VirusTotal.

Navigate to their site:
https://www.virustotal.com/

Follow the instructions on the page.

Let me know the results.
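
A local check that complements the VirusTotal lookup suggested above, as an added example that is not part of the original post: it compares the flagged copy with the file at the default location by SHA-256 and reports the flagged copy's Authenticode status. The function name `Compare-FlaggedFile` is hypothetical; the two paths are the ones quoted in the thread.

```powershell
# Added example, not from the thread. Run from an elevated 64-bit PowerShell
# so the SYSTEM profile folder under SysWOW64 is readable.
function Compare-FlaggedFile {
    param(
        [Parameter(Mandatory)] [string] $Flagged,    # copy reported by the scanner
        [Parameter(Mandatory)] [string] $Reference   # copy at the default location
    )

    # Fail early if either path is missing or is not a regular file.
    foreach ($p in $Flagged, $Reference) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "File not found: $p"
        }
    }

    $f   = Get-FileHash -LiteralPath $Flagged   -Algorithm SHA256
    $r   = Get-FileHash -LiteralPath $Reference -Algorithm SHA256
    $sig = Get-AuthenticodeSignature -LiteralPath $Flagged

    # Identical hashes mean the flagged copy is byte-for-byte the reference file,
    # so the detection would be about its location rather than its content.
    [pscustomobject]@{
        FlaggedSha256   = $f.Hash
        ReferenceSha256 = $r.Hash
        SameContent     = ($f.Hash -eq $r.Hash)
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

# The two paths quoted in the thread.
Compare-FlaggedFile `
    -Flagged   'C:\Windows\SysWOW64\config\systemprofile\user.exe' `
    -Reference 'C:\Windows\SysWOW64\user.exe' | Format-List
```

The `FlaggedSha256` value can also be pasted into the VirusTotal search box to look the file up by hash instead of uploading it.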

#3 Riddling


Posted 20 April 2017 - 11:09 PM

The result is good: it had a 0/61 detection ratio and VirusTotal claims that the file is probably harmless. Should I move it to the correct location or leave it as it is? As for System Restore, should I enable it?



#4 nasdaq


Posted 21 April 2017 - 07:48 AM



You have two options.

1 - Leave it alone.
If it's not broken leave it alone.


Or

2 - Inform Malwarebytes by following the instructions on this page.

https://support.malwarebytes.com/customer/portal/articles/1833577-how-do-i-collect-information-on-a-false-positive-?b_id=6440

===

as for system restore, should I enable it?
Yes!

Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
===

#5 Riddling


Posted 21 April 2017 - 10:28 PM

Thank you so much for the help, I really appreciate it!