I suddenly got a strange warning from MBAM when doing an on-demand scan about the file C:\ProgramData\TEMP\RAIDTest. It is a file without extension. System: Win 7 Pro 64-bit (Dutch). MBAM: Version: 2.2.1.1043, Malware Database: v2016.10.20.08, Rootkit Database: v2016.09.26.02. My resident AV NOD32 doesn't detect anything (on-access and on-demand). Submitted to VT: 0/54. Checksums: The file C:\ProgramData\TEMP\RAIDTest has the following Checksum(s): MD5 - 5F133A8BB542FAC5988CF608E07D891C; SHA-160 - 09F65A74547EC7571BC82BA3775B9244D6D9C011; SHA-256 - 42475641855E167C2B50FFC6FCECABD0F147F5659FAA603A18A2F1214ABF1BF2
Is it a Lenovo computer? http://support.lenovo.com/us/en/downloads/ds036027 or is it a Trojan? http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/troj_rector.a
Thanks guys for your reply. The detection by MBAM is: Trojan.Agent, C:\ProgramData\TEMP\RAIDTest. The file is only 4 bytes. As said, the file has no extension. The computer is not a Lenovo. It was custom built by a shop in May 2014. Specs are in this post. Two screenshots of the properties tab of the file:
I also received the exact same alert on my Dell desktop computer during a scheduled MBAM scan at 4:15 p.m. (US EST) today. The file location and other info that "FanJ" reported above match my own results. (Running Win 7 Home Premium SP1, x64) MBAM indicates it is a Trojan. I scanned the file with my ESET Smart Security, SAS, and also submitted it to VirusTotal. NO issues were reported. My computer is NOT a Lenovo. File is in MBAM's Quarantine area now. My questions: 1. Is this a false positive? 2. Should I RESTORE the file from Quarantine? Thank you for your time and feedback.
I highly suspect that it is a false positive. The file is only 4 bytes. I had contact with someone about it. For now I have not let MBAM quarantine the file and for now I leave the file where it is. Let's wait and see.
Thanks for the feedback, FanJ! I have removed the file from MBAM's Quarantine area & restored the file to its original location. Just hope it actually IS a false positive. [EDIT @ 7:46 p.m. US EST]: After restoring the file to its original location, I ran another scan with MBAM. MBAM is still detecting it as a Trojan. Regards everyone.
Hi kls490, Although I do think that it is a false positive, don't take my word for granted. You know, better safe than sorry. So, let MBAM put it in Quarantine until we know more about it.
Hi again, I just got a response in the MBAM Forums to my inquiry about this detection. They believe it is indeed a false positive. (Link to reply by "Thisisu" shown below): https://forums.malwarebytes.org/top...-trojan-agent/?do=findComment&comment=1067609 Cheers!
Just a follow-up note that MBAM has just updated their database to v2016.10.21.02 which should resolve the detection issue reported here. Have a good one! (Time for me to get some 'shut-eye' now)!
Hi kls490, Thanks! It is fixed. Just scanned with database 2016.10.21.02. All's well that ends well. Cheers!