From: wasted on 11 Dec 2008 11:17

"Andy Walker" <awalker(a)nspank.invalid> wrote in message
news:49415fd2.67919046(a)news.webtv.com...
> wasted wrote:
>
>>"Andy Walker" <awalker(a)nspank.invalid> wrote in message
>>news:493fb161.344733921(a)news.webtv.com...
>>> wasted wrote:
>>>
>>>>Just discovered from a sequence of Googling that a folder named as
>>>>"Protection" is created by some malware or other, which is why it is
>>>>flagged. Renaming my folder has stopped it being flagged.
>>>
>>> Where was the folder located? I've seen more than a few people come
>>> in to the group asking about this and it would be good information to
>>> have for the next request...
>>>
>>> It's odd that renaming a folder could change a registry setting...
>>> unless there is a program in memory that monitors the folder and makes
>>> the registry change. I suppose MBAM could be reporting a false
>>> positive based on what it thinks the registry entry would be if the
>>> folder existed... which seems to me to be a bug if that's the case.
>>>
>>> Thanks,
>>> Andy
>>
>>See my original post Andy - the location is mentioned already. It is, or
>>was, off the Start menu folder.
>
> Ok, but that could mean a number of different locations depending upon
> what you mean by "start menu". You also have (at least) two different
> locations where the folder could reside "All Users" and "current_user"
> are two of the most used. If you don't know the exact location then
> that's fine, I just thought it would be useful to know the exact
> location.
>
>> I hadn't seen any previous references here (if by
>>"here" you mean alt.privacy.spyware). I only found one reference to it
>>elsewhere through Googling.
>
> The reply I originally gave you was a cut-and-paste from one of my
> prior posts on the subject. It's possible that the x-no-archive flag
> was set on the post, though, because I normally honor the x-no-archive
> when responding. That would remove it from Google after a few days.

Ah - didn't think about there being a Start Menu for other users - because I'm the only user so never see that. The full path was C:/Program Data/Microsoft/Windows/Start Menu/Programs/Protection

From: Dustin Cook on 13 Dec 2008 18:45

Andy Walker <awalker(a)nspank.invalid> wrote in
news:493fb161.344733921 @news.webtv.com:

> wasted wrote:
>
>>Just discovered from a sequence of Googling that a folder named as
>>"Protection" is created by some malware or other, which is why it is
>>flagged. Renaming my folder has stopped it being flagged.
>
> Where was the folder located? I've seen more than a few people come
> in to the group asking about this and it would be good information to
> have for the next request...
>
> It's odd that renaming a folder could change a registry setting...
> unless there is a program in memory that monitors the folder and makes
> the registry change. I suppose MBAM could be reporting a false
> positive based on what it thinks the registry entry would be if the
> folder existed... which seems to me to be a bug if that's the case.
>
> Thanks,
> Andy

Well, if I wasn't killfiled by you, I'd explain what's going on. :) But,
no it's not a bug.

--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org