Malwarebytes And Mfme3.2
Started by hornynick, Nov 14 2012 08:35 PM
18 replies to this topic
#1
Posted 14 November 2012 - 08:35 PM
About 2 weeks ago I ran a scan and Mb found a trojan called VBKrypt (or similar) on MFME 3.2. I just assumed that a virus had attached itself to the file and removed it. Over the weekend I finally got round to re-downloading 3.2 and today I did a scan and the virus is back.
I am now assuming it's a false positive but did remove it to be on the safe side. Has anyone else done a scan with Mb recently and had the same? Also, if it isn't a false positive and there is something sinister lurking on my system (is that likely?) why is it only targeting 3.2?
#2 Guest_Tommy c_*
Posted 14 November 2012 - 08:40 PM
Yeah, would say a false positive as it's fine my end, providing you downloaded from here, the mecca or the repro.
#3
Posted 14 November 2012 - 08:53 PM
Just checked mine through AVG, as I think I got mfme3.2 off a dodgy fleabay DVD originally before I found this/sites, and mine's all clear.
The more I do today, The less I do tomorrow.
Fme is alive and screaming into the 21st century!
Enjoy FME and Happy Gaming!!!!
#4
Posted 14 November 2012 - 09:36 PM
As this was added in its current state on 3rd Nov 2006 with no problems.
I think we can confidently say it's your config of your AV.
#5
Posted 14 November 2012 - 10:00 PM
I know the file itself was ok when downloaded, I'm just asking others with up to date Malwarebytes if they get the same result. If not then I know I got bigger problems.
#6
Posted 14 November 2012 - 10:05 PM
It detects a trojan on my MFME 1.0, 2.0 and 3.2 too. Malwarebytes uses a fairly powerful heuristics and behaviour-based analysis engine. That means that, in addition to just checking for actual malware and viruses from a database like most anti-virus programs, it also scans for programs which may act like a virus or malware. This is so it can catch newer viruses that aren't yet detectable by most programs and viruses that actively try to evade anti-virus programs. The downside to this is that Malwarebytes is well known to show a lot of false positives. I've scanned all three .exe files with my AVG Internet Security 2011 and all 3 show no infection, so I'd say it's just false positives. As it's the 3 older versions of MFME that trigger the alert while the newer 9.4, 9.9 and 10.1a show as clean, I'd say that something is written into the older versions which Malwarebytes thinks resembles the behaviour of a trojan and flags it.
#7
Posted 14 November 2012 - 10:24 PM
Having said that, I did a malware thing (that someone posted on another thread) and then found that MFME 3.2 had gone...
I've re-downloaded it using the 'All In One' version.
Not sure if that's something like you're on about??
#8
Posted 14 November 2012 - 10:28 PM
Could be. When the scan had finished, did you have infections? If you did and clicked clean, it gets rid of 3.2. If that's the case I can breathe easy lol.
#9
Posted 14 November 2012 - 11:16 PM
It detects a trojan on my MFME 1.0, 2.0 and 3.2 too. Malwarebytes uses a fairly powerful heuristics and behaviour-based analysis engine. That means that, in addition to just checking for actual malware and viruses from a database like most anti-virus programs, it also scans for programs which may act like a virus or malware. This is so it can catch newer viruses that aren't yet detectable by most programs and viruses that actively try to evade anti-virus programs. The downside to this is that Malwarebytes is well known to show a lot of false positives. I've scanned all three .exe files with my AVG Internet Security 2011 and all 3 show no infection, so I'd say it's just false positives. As it's the 3 older versions of MFME that trigger the alert while the newer 9.4, 9.9 and 10.1a show as clean, I'd say that something is written into the older versions which Malwarebytes thinks resembles the behaviour of a trojan and flags it.
I'd agree, I have scanned this 3 times (Avast, Trojan Hunter and Malwarebytes) and the only one that flags this as a 'virus' is Malwarebytes.
With all AV programs, certain 'suspicious behaviour' can lead to programs flagging up viruses, but I've had these emulators on my system for years and never had it 'infect' my system.
Plus I've had just about every AV program going ... Kaspersky, AVG, Norton, ESET, Microsoft Security Essentials, Bitdefender, none of them have ever found a problem with these files.
Mmmmmm...Sandy ive 'ad her ye know.
#10
Posted 14 November 2012 - 11:27 PM
Yep, the VBcrypt result from Malwarebytes is 100% false-positive, and only started a few revisions back, so you need to tell Malwarebytes to exclude mfme from its scans.
If you are ever unsure of any file, best uploading it to VirusTotal, where they use several scan engines, which is a much more reliable bet than using just one or two scan engines alone.
I would say if you get a detection rate of 30% or less, it's a pretty safe bet the file is fine.
https://www.virustotal.com/
Edited by stanmarsh14, 14 November 2012 - 11:30 PM.
#11
Posted 14 November 2012 - 11:54 PM
Just goes to show how good the Malwarebytes program is.
#12
Posted 15 November 2012 - 12:33 AM
Cheers guys, as someone said it only just started flagging it up so it did get me worried a bit.
#13
Posted 17 November 2012 - 10:02 AM
I had the same happen to me. I was going to post a thread up about it but don't need to now!
Last bet 11/06/09!!
#14
Posted 08 February 2013 - 10:42 PM
Anybody found a way to get 3.2 back up and working? With AVG there doesn't seem a way to let it remain active. In the past you could declare things as false +ve's, but now all you can do is leave them but unusable.
Danasoft users are just annoying gits....
#15
Posted 09 February 2013 - 09:07 AM
Uninstall AVG, install Security Essentials instead and then re-download the mfme package. Worked for me on an old machine that still ran AVG.
#16
Posted 09 February 2013 - 11:43 AM
Anybody found a way to get 3.2 back up and working? With AVG there doesn't seem a way to let it remain active. In the past you could declare things as false +ve's, but now all you can do is leave them but unusable.
Best to ditch AVG, and just go with MSE (which also updates directly via Windows Update), and save yourself some grief.
It's just as good as AVG, and is something I have now started using on comps I repair for people.
http://www.microsoft...curity/mse.aspx
#17
Posted 09 February 2013 - 01:54 PM
I have AVG, and when it scans the computer for viruses it removes mfme3.2 and puts it into the virus vault. All I do then is go to the virus vault and restore the item every time it does it. I had malaware but that removed all the early MFMEs.
The more I do today, The less I do tomorrow.
Fme is alive and screaming into the 21st century!
Enjoy FME and Happy Gaming!!!!
#18
Posted 10 February 2013 - 02:32 PM
Best to ditch AVG, and just go with MSE (which also updates directly via Windows Update), and save yourself some grief.
It's just as good as AVG, and is something I have now started using on comps I repair for people.
http://www.microsoft...curity/mse.aspx
I'd say it's actually a lot better than AVG. In fact MS Security Essentials just came top of the Which? review of PC security products.
As it's free, it's a bit of a no brainer tbh.
#19
Posted 10 February 2013 - 02:50 PM
MFME gives false positives because it acts in a way similar to a key logger.
It's just a side effect of what the emulator is doing, i.e. sitting waiting for a key to be pressed so it can do the keyboard shortcuts.
Project Amber 2 - Coming Soon