mbam id's this file as Trojan.Zbot (?)

About a week ago I downloaded mbam to scan an XP system.  I didn't
perform an update before I did the scan.  I think the mbam database
contained in the download was 6 months old.

The scan said this:

C:\WINDOWS\system32\config\systemprofile\Application Data\twain_32\user.ds (Trojan.Zbot) -> No action taken.

I then updated mbam and ran the scan a second time, and got the SAME
result.

I tried to upload user.ds to VT, but VT didn't seem to be working at the
time.  That was a week ago.

Just now I tried again to upload user.ds to VT, and it worked, and got
a 100% clean result.

So why does mbam say that user.ds contains zbot, but the on-line version
of mbam at VT says it's clean?

Re: mbam id's this file as Trojan.Zbot (?)

On 2013-09-29 6:01 PM, Virus Guy wrote:
[Quoted text not shown]

Because all anti-malware scanners occasionally report a false positive.
Or a false negative. I'd scan with a couple of other scanners.

HTH

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: mbam id's this file as Trojan.Zbot (?)




Please read before reporting a false positive
http://forums.malwarebytes.org/index.php?showtopic=3228

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: mbam id's this file as Trojan.Zbot (?)

"David H. Lipman" wrote:
  
[Quoted text not shown]

But why didn't the VT version of mbam also report a false-positive?

Re: mbam id's this file as Trojan.Zbot (?)



You can ask that when you make a post to negate the False Positive.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: mbam id's this file as Trojan.Zbot (?)

On 2013-09-29 8:04 PM, Virus Guy wrote:
[Quoted text not shown]

Because all anti-malware scanners occasionally report a false positive.  
Or a false negative. I'd scan with a couple of other scanners. At
least. Go with the majority vote.

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: mbam id's this file as Trojan.Zbot (?)

On Mon, 30 Sep 2013 09:33:31 -0400

[Quoted text not shown]

I think he is asking, as has been asked before, why would the version
VT uses have a different result from the one the end user uses. IIRC it
has been pointed out before that sometimes the exact same version
number in both cases has also produced differing results depending upon
the scanner having context and not having context. Not just MBAM, but
others as well.

Re: mbam id's this file as Trojan.Zbot (?)



Saddening to read that VT actually scans files with MBAM. Normally I'd  
laugh or have some sarcastic thing to write here, but.. this really is  
disappointing from an internal POV.


--  
ABRACADABRA!

Nope... You're still an asshole.

Re: mbam id's this file as Trojan.Zbot (?)

On Tuesday, October 1, 2013 9:52:32 AM UTC+8, Dustin wrote:
  
[Quoted text not shown]

Note: The author of this message requested that it not be archived. This message will be removed from Groups in 6 days (Oct 8).

Why bother with six days you moron?  Just self-censor yourself and stop posting at all.

RL


Re: mbam id's this file as Trojan.Zbot (?)



In MBAM's case (my last post on the subject) you really shouldn't see any  
difference between online scan and normal scan. Unless MBAM has been  
ported, VT is having to emulate a suitable environment to run it, and that  
might be what's causing the issue there.

In other words, both versions should always return the same results if  
using the same databases.


--  
ABRACADABRA!

Nope... You're still an asshole.

Re: mbam id's this file as Trojan.Zbot (?)



FTR is correct about context and would explain why on a system it is flagged  
but on VT it is not because of a lack of context.  You and I both know why  
as we have discussed this before over YIM.


--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: mbam id's this file as Trojan.Zbot (?)

David H. Lipman, while unnecessarily full-quoting, wrote:
  
[Quoted text not shown]


In this case, you guys are full of shit.

Mbam, while doing a system-wide file-scan, knows nothing of the
"context" of the files that it's scanning.  Its context information is
no different than when it's presented with a file via the VT interface.

But some sane person (Pustin?) wrote:

[Quoted text not shown]

There is a lot we don't know about VT and if a null-result for any given
program is really just a malfunction or time-out vs a negative result.

Re: mbam id's this file as Trojan.Zbot (?)



Actually you are wrong and I won't violate the Malwarebytes' NDA to tell you  
why.

--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: mbam id's this file as Trojan.Zbot (?)

127.0.0.1:

[Quoted text not shown]

Would you please stop with the horseshit? We *all* know your post here is  
total bullshit. I only shared that because it's not something I'm worried  
about you using against me. You're the gobshite POS troll I've always
considered you to be. Nothing will ever change.


--  
Sometimes there's a part of me...Has to turn from here and go...Running  
like a child from these warm stars down the seven bridges road. There are  
stars in the southern sky. And if you ever you decide you should go...There  
is a taste of thyme sweetened and honey down the seven bridges road...

Re: mbam id's this file as Trojan.Zbot (?)



Dustin I hope you will post again in more moderate tones.

--  
Jax    

Re: mbam id's this file as Trojan.Zbot (?)

On Tuesday, October 1, 2013 9:04:57 PM UTC+8, David H. Lipman wrote:
  
[Quoted text not shown]

Trying to argue subtle points with Dustbin, the village idiot?  That's like trying to talk sense to the town drunk.  It will get you nowhere and merely annoy the town drunk.

RL
