Jump to content

Malwarebytes free finds a Trojan on my PC


User
 Share

Recommended Posts

For about two weeks now Malwarebytes Free always finds Trojan.WMIHijacker.ClnShrt in Firefox recovery.js if I make an On-Demand-Scan:

 

Quote

-Softwaredaten-
Version: 3.0.5.1299
Komponentenversion: 1.0.43
Version des Aktualisierungspakets: 1.0.1491
Lizenz: Kostenlos

........

Datei: 1
Trojan.WMIHijacker.ClnShrt, C:\USERS\...\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5IVUESPR.DEFAULT\SESSIONSTORE-BACKUPS\RECOVERY.JS, Entfernung fehlgeschlagen, [2576], [358768],1.0.1491

 

A scan with ESET Smart Security 10.0.390.0 says the file is OK, a complete scan of the PC also finds no infections and on virustotal also no other AV finds a virus or trojan in recovery.js.

 

Is this something to be concerned about?

Or is this a false alarm from Malwarebytes?

Edited by User
Link to comment
Share on other sites

  • Administrators

I'd suggest compressing and submitting the MBAM's quarantine folder to samples[at]eset.com along with a link to this topic.

Link to comment
Share on other sites

OK,

I submitted the compressed quarantine folder to samples[at]eset.com with subject

"possible Trojan detected by Malwarebytes but not ESET Smart Security 10.0.390.0"

Edited by User
Link to comment
Share on other sites

  • Administrators

Probably this was just a false positive as after restoring the file from quarantine it's no longer detected by MBAM. Also it's a file recovery.js where information about open tabs is stored so it's unlikely to be malicious.

Link to comment
Share on other sites

I found this website

https://www.bleepingcomputer.com/news/security/yeabests-cc-a-fileless-infection-using-wmi-to-hijack-your-browser/

and run wbemtest.exe as admin and followed the instructions, but no instance of ActiveScriptEventConsumer "ASEC" is active.

Also recovery.js is always the only file that according to Malwarebytes is infected.

 

Link to comment
Share on other sites

On 13.3.2017 at 6:23 PM, User said:

I submitted the compressed quarantine folder to samples[at]eset.com with subject

"possible Trojan detected by Malwarebytes but not ESET Smart Security 10.0.390.0"

 

I havn't received an answer until now, so can I assume this is a false positive from Malwarebytes?

Link to comment
Share on other sites

  • Administrators
20 hours ago, User said:

I havn't received an answer until now, so can I assume this is a false positive from Malwarebytes?

I've already responded above. To me it looks like a false positive from MB.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...