

Could it be a false positive?


#1 Yoummuu


  • Members
  • 1 posts
  • Local time:03:26 PM

Posted 14 October 2017 - 04:17 AM

So, MBAM detected a backdoor.bot registry value 2 days ago. I didn't notice until I rescanned today and quarantined it, and then deleted it. Out of curiosity, though, I did a system restore and recovered the registry value just to check what executable it was associated with. It was with svchost.exe (HKEY_USERS\S-1-5-21-1347879912-2154951166-915779611-1001\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update), which was no surprise, but what made it weird is that when I browsed the folder I found no svchost.exe, only the config file, which was last edited 1 week ago. I am not really familiar with how MBAM or any AV works, but could it be that MBAM tagged it as a backdoor.bot as a false positive?



#2 buddy215


  • Moderator
  • 13,505 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:26 AM

Posted 14 October 2017 - 07:08 AM

I suggest you ask MBAM about that in their forums. Malwarebytes Forums

False Positives - Malwarebytes Forums

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
