A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #6963  by EP_X0FF
 Tue Jun 28, 2011 3:19 am
Xylitol wrote:http://www.virustotal.com/file-scan/rep ... 1309176617
page 8 and 9 of comments are interesting
I came across this funny hash of a zero-byte-length file not so long ago, seems the number of experts increased for a few days.
Reputation:
6 credits
Comment date:
2011-06-05 15:13:36 (UTC)
it´s malware p2p exploit quicktime
Reputation:
3 credits
Comment date:
2011-06-16 18:12:55 (UTC)
Rogue AV detected by FireEye
Reputation:
1 credits
Comment date:
2011-01-18 12:44:17 (UTC)
TDSS sample
Reputation:
2395 credits
Comment date:
2011-05-26 09:41:00 (UTC)
This is the re-production to proof that this sample is a malware: <LONG NONSENSE POST SKIP>
*Facepalm*
Reputation:
3160 credits
Comment date:
2011-06-01 06:06:47 (UTC)
on my system this is the "MountPointManagerRemoteDatabase" (no extension) "System File" located at
[System Partition Root]\System Volume Information\ <LONG NONSENSE POST SKIP> I just managed to temporarily regain Admin rights on this system and wanted to see if this file (which appeared after reinfection symptoms started popping up) was detected by *any* of the scanners. Alas, none of the scanners are able to get around its evil genius... yet :(
"Alas, none of the scanners are able to get around its evil genius... yet :( " <- that was epic LOL, of course nobody wants to be FakeAV.
 #17387  by bolzano_1989
 Thu Dec 27, 2012 3:22 am
Do you have any idea where the "behavioural information" of this empty file came from :) ?
 #17653  by jammed
 Tue Jan 08, 2013 7:20 am
Why does MBAM suddenly start detecting a file and 10 days later stop detecting it? Again, after some days, it does the same. Why does this happen in MBAM? Is their database dependent on some other antivirus database? How do they decide which file they should start detecting?
 #17667  by AdvancedSetup
 Tue Jan 08, 2013 10:50 pm
More than likely the heuristics are being triggered by the file for some reason. We make hundreds of changes to the detection routines daily. It's a fine line sometimes between determining if a file is or is not a threat.

If you continue to have an issue with a file detection you can submit a false positive report and someone will look into it for you.


Reporting a False Positive at Malwarebytes

Thanks