FalsePositive?

Discussion in 'ESET NOD32 Antivirus' started by acooldozen, Jul 1, 2009.

Thread Status:
Not open for further replies.
  1. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    Eset is coming up with the following.............

    01/07/2009 1:53:41 PM Real-time file system protection file D:\autorun.inf INF/Autorun virus PAIROFHEARTS\Compaq_Administrator Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.

    01/07/2009 3:02:21 PM Real-time file system protection file D:\autorun.inf INF/Autorun virus deleted - quarantined PAIROFHEARTS\Compaq_Administrator Event occurred during an attempt to access the file by the application: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe.
     

  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    Why do you suspect this is a false positive alarm?

    From looking at the report, it appears that MalwareBytes Anti Malware is attempting to access D:\AUTORUN.INF and ESET NOD32 Antivirus is blocking the access because it has detected a threat in it.

    If the D: drive does indeed contain an AUTORUN.INF-deployed piece of malware then this is the correct, expected behavior from ESET NOD32 Antivirus.

    Regards,

    Aryeh Goretsky
     
  3. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    221
    Location:
    White Rock, BC, Canada
    I don't suspect it is a false positive, but rather am asking if it might be a false positive. Here is what MBAM has to offer.......

    I think I know what is going on here, but it is complicated to explain.
    The file C:\autorun.inf was part of a previously removed infection on this system (it is just a load point, it is not actually malware).
    Malwarebytes reads the file contents as part of our scan.
    As the file contents are read ESET sees them as well and a protection alert is triggered.

    In any event I would simply delete C:\autorun.inf and this should solve all problems.

    --------------------
    Bruce Harrison
    Malwarebytes Lead Researcher


    et tu Brute??
     
    Last edited: Jul 1, 2009
  4. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    It could be a remnant that is left over from an already removed infection.

    Regards,

    Aryeh Goretsky
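
An added example, not part of the original thread and not code from ESET or Malwarebytes: one way to check whether an autorun.inf like the one discussed above is an orphaned load point left behind by a removed infection, by listing the programs its [autorun] section would launch and testing whether they still exist on the drive. The sample file contents, file names and function names are constructed for illustration.

```python
import ntpath
import re

# [autorun] keys that start a program when the volume is opened or a menu verb is used.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command", re.IGNORECASE)

def launch_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in LAUNCH_KEYS or SHELL_VERB.fullmatch(key):
                targets.append((key, value))
    return targets

def program_of(command):
    """Extract the program path from a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(None, 1)[0] if command else ""
    return ntpath.normpath(path).lstrip("\\").lower() if path else ""

def classify(inf_text, files_on_drive):
    """Mark each launch entry 'live' if its program is still on the drive, else 'orphaned'."""
    present = {ntpath.normpath(f).lstrip("\\").lower() for f in files_on_drive}
    return [(key, program_of(cmd), "live" if program_of(cmd) in present else "orphaned")
            for key, cmd in launch_targets(inf_text)]

# Constructed sample: file names and contents are made up for illustration.
SAMPLE_INF = """[autorun]
; junk comment line
open=RECYCLER\\setup.exe -s
shell\\open\\command="RECYCLER\\setup.exe"
icon=folder.ico
"""

if __name__ == "__main__":
    for row in classify(SAMPLE_INF, ["autorun.inf", "photos\\a.jpg"]):
        print(row)
```

Entries reported as 'orphaned' are consistent with a leftover load point; a 'live' entry means the referenced program is still on the drive and should be scanned before the autorun.inf is dismissed as a remnant.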
     