  1. #1
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    895
    Points
    53

    Malwarebytes and Rogue.Installer

    Sorry guys, I seem to be becoming one of those repeat offenders we don't like

    I ran Malwarebytes just now and it found Rogue.Installer which it's flagged up as a problem - no action has been taken yet. I've searched but couldn't find any information that was clear - is it safe to remove or is it maybe a false positive? Here's the log file:

    Malwarebytes' Anti-Malware 1.28
    Database version: 1229
    Windows 5.1.2600 Service Pack 2

    05/10/2008 16:21:39
    mbam-log-2008-10-05 (16-21-29).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 103594
    Time elapsed: 35 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Toshiba\WebCam Driver\setup.exe (Rogue.Installer) -> No action taken.

    Thank you.

    Steph
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11
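
Added example (not part of the original posts): a small Python parser for the Malwarebytes log format posted above. It lists each flagged object with its detection name and action, and checks that the itemised entries agree with the summary counts. The sample log is constructed from the one in post #1, and the function names are this example's own.

```python
import re

# Constructed sample, abbreviated from the log format shown in post #1.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Scan type: Full Scan (C:\|)

Folders Infected: 0
Files Infected: 1

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Toshiba\WebCam Driver\setup.exe (Rogue.Installer) -> No action taken.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary_counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT_RE.match(line):        # summary line, e.g. "Files Infected: 1"
            counts[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):     # start of an itemised section
            section = m["section"]
        elif section and (m := ITEM_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return counts, detections

def count_mismatches(counts, detections):
    """Sections whose itemised entries disagree with the summary count,
    a sign the log was truncated or edited before it was posted."""
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in counts.items()
            if n != listed.get(s, 0)}

def pending(detections):
    """Detections the scanner reported but did not act on."""
    return [d for d in detections if d["action"].lower().startswith("no action")]
```
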

  2. #2
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    This is the only weak point of MalwareBytes. Its database includes not just specific file paths but just names alone. There is a rogue application that created a folder named C:\Program Files\Antispyware. If a user decides to name a folder with that name and then run MBAM, everything in it will be deleted. See here, MBAM even deleted itself.

    That said, setup.exe is used by a lot of programs good and bad. As long as you know what it belongs to then I would say it's a false positive.

    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  3. #3
    Member Steph

    C:\Toshiba\WebCam Driver\setup.exe (Rogue.Installer)

    Thanks EvilFantasy - it seems to be part of the Toshiba files but I don't have a web cam on this laptop - would that still indicate a false positive?

    Thank you.

    Steph

  4. #4
    Moderator evilfantasy

    I'm pretty sure it is a false positive.

    It wouldn't hurt to go to the MalwareBytes False Positives forum and report it so they can fix it in their database. Read the Before reporting sticky so you can run the scan in developer mode and post that log. I've reported a few false positives and they are usually pretty quick to get it straightened out. They may need you to zip up a copy of the file and send it to them so they can analyze it.

    Or better yet I'll post the instructions here.

    Quote Originally Posted by RubbeR DuckY
    Before reporting a false positive, you need to save a log in developer mode. This will allow us to figure out how the false positive came to be. Simply follow these directions.

    1. Click the Start Menu.
    2. Click Run.
    3. Type in "mbam.exe /developer", without the quotes.
    4. Run the same type of scan you did before and save the logfile and post it.

  5. #5
    Member Steph

    Hi EF, thanks for the instructions - I've posted the developer log file on the false positives forum.

    Thanks again.

    Steph

  6. #6
    Member Steph

    Hi EF - had a very prompt response from the Malwarebytes forum and they've confirmed it's a false alarm.

    As always - thanks for your help

    Steph

  7. #7
    Moderator evilfantasy

    You're welcome. They usually release one or two database updates each day so it shouldn't be long before it is included.