(Fixed) MBAM FP RAIDTest?

Discussion in 'other anti-malware software' started by FanJ, Oct 20, 2016.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,632
    I suddenly got a strange warning from MBAM when doing an on-demand scan, about the file C:\ProgramData\TEMP\RAIDTest
    It is a file without extension.
    System: Win 7 Pro 64-bit (Dutch).
    MBAM:
    Version: 2.2.1.1043
    Malware Database: v2016.10.20.08
    Rootkit Database: v2016.09.26.02

    My resident AV NOD32 doesn't detect anything (on-access and on-demand).

    Submitted to VT : 0/54

    Checksums:
    The file C:\ProgramData\TEMP\RAIDTest has the following Checksum(s)
    MD5 - 5F133A8BB542FAC5988CF608E07D891C
    SHA-160 - 09F65A74547EC7571BC82BA3775B9244D6D9C011
    SHA-256 - 42475641855E167C2B50FFC6FCECABD0F147F5659FAA603A18A2F1214ABF1BF2
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
  3. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    I got it on my desktop PC today.

    Self-built, not a Lenovo.
     
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,632
    Thanks guys for your reply.
    The detection by MBAM is: Trojan.Agent, C:\ProgramData\TEMP\RAIDTest
    The file is only 4 bytes.
    As said, the file has no extension.
    The computer is not a Lenovo. It was custom built by a shop in May 2014. Specs are in this post.

    Two screenshots of the properties tab of the file:

    RAIDTest_2016-10-21_01.png

    RAIDTest_2016-10-21_02.png
     
  5. kls490

    kls490 Registered Member

    Joined:
    Aug 15, 2015
    Posts:
    60
    Location:
    Mid Atlantic Region (USA)
    I also received the exact same alert on my Dell desktop computer during a scheduled MBAM scan at 4:15 p.m. (US EST) today. The file location and other info that "FanJ" reported above match my own results. (Running Win 7 Home Premium SP1, x64)

    MBAM indicates it is a Trojan. I scanned the file with my ESET Smart Security, SAS, and also submitted it to VirusTotal. NO issues were reported. My computer is NOT a Lenovo.

    File is in MBAM's Quarantine area now.

    My questions:
    1. Is this a false positive?
    2. Should I RESTORE the file from Quarantine?


    Thank you for your time and feedback.
     
  6. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,632
    I highly suspect that it is a false positive. The file is only 4 bytes.
    I had contact with someone about it.
    For now I have not let MBAM quarantine the file and for now I leave the file where it is.
    Let's wait and see.
     
  7. kls490

    kls490 Registered Member

    Joined:
    Aug 15, 2015
    Posts:
    60
    Location:
    Mid Atlantic Region (USA)
    Thanks for the feedback, FanJ!

    I have removed the file from MBAM's Quarantine area & restored the file to its original location.

    Just hope it actually IS a false positive.

    [EDIT @ 7:46 p.m. US EST]: After restoring the file to its original location, I ran another scan with MBAM. MBAM is still detecting it as a Trojan.

    Regards everyone.
     
    Last edited: Oct 20, 2016
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,632
    Hi kls490,

    Although I do think that it is a false positive, don't take my word for granted. You know, better safe than sorry. So, let MBAM put it in Quarantine until we know more about it.
     
  9. kls490

    kls490 Registered Member

    Joined:
    Aug 15, 2015
    Posts:
    60
    Location:
    Mid Atlantic Region (USA)
  10. kls490

    kls490 Registered Member

    Joined:
    Aug 15, 2015
    Posts:
    60
    Location:
    Mid Atlantic Region (USA)
    Just a follow-up note that MBAM has just updated their database to v2016.10.21.02 which should resolve the detection issue reported here.

    Have a good one! (Time for me to get some 'shut-eye' now)! :)
     
  11. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,632
    Hi kls490,

    Thanks!

    It is fixed. Just scanned with database 2016.10.21.02

    All's well that ends well

    Cheers!
     