NS scan finds malware in a Malwarebytes/temp file

This started yesterday with a reboot request after Norton Security 22.5.5.15 performed a scan; it informed me that backdoor.regin was located in a Malwarebytes temp file. It was located in the root of Malwarebytes/00001263.temp. Rebooted.

After posting in the MBAM forum I was told, as per below, that this is a Norton issue of false positives and Norton creating the temp file again:

"The issue you report has been a longstanding problem with Norton.
There are many threads about it, such as HERE and HERE
It has been discussed at the Norton forums, as well, HERE and HERE
The problem is with Norton, not with Malwarebytes...."


Today after an update and a quick scan, malware was again found in the root of Malwarebytes in a temp file. Details below:

Filename: 00013676.tmp
Threat name: Trojan.Killproc!gen
Full Path: d:\utilities\malwarebytes anti-malware\00013676.tmp
____________________________
On computers as of: 1/24/2016 at 2:01:52 PM
Last Used: 1/24/2016 at 2:03:52 PM
Startup Item: No
Launched: No
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
00013676.tmp Threat name: Trojan.Killproc!gen
Very Few Users: Fewer than 5 users in the Norton Community have used this file.
Very New: This file was released less than 1 week ago.
High: This file risk is high.
____________________________
Source: External Media
Source File: 00013676.tmp
____________________________
File Actions
Infected file: d:\utilities\malwarebytes anti-malware\ 00013676.tmp Removed
____________________________
File Thumbprint - SHA: acc53e005ce702390562f76ec810ed2c7dab40394c61a6f91745a00378867cca
File Thumbprint - MD5: Not available

So why is NS creating a temp file in the root of Malwarebytes and, as per the MBAM forum, is it an NS issue/problem, and what is the cure for this, or is it an issue of needing a new patch to correct this issue/problem? Should I configure Norton not to scan the MBAM DIR?

Tons of fun.............

1) Maximus VI Extreme - i7 4790K@4.0ghz,32gig,Gskill Trident X 2400,MSI R7970 Twin Frozr III Factory OC,Corsair 240g SSD, Corsair W/C H801,3TB Sam,Win10x64 2) Rampage II Extreme-i7 960@3.4ghz,24gig Kingston,MSI R7950 Twin Frozr III-3g,Corsair 240g SSD,2TB WD,Win10x64, NS, NU16, MBAM

Replies


Re: NS scan finds malware in a Malwarebytes/temp file

Hi, Pkshadow. It's possibly because it's a new file, as you mentioned.

As more users access the file, Norton will likely not flag it.

In the meantime, you may wish to submit it to Symantec as a false positive.

https://community.norton.com/en/forums/how-report-false-positives

Windows 10 Home X 64

Re: NS scan finds malware in a Malwarebytes/temp file

Have you tried clearing that file, then running a Norton scan? See if this file is created again.

If not, then run a Malwarebytes scan and check for the file again. This should determine where the file is coming from.

I cannot see how it is said that Norton would create a temp file in another program's directory.

Are you running the Pro version of MBAM? If so have you set the exclusions in both MBAM and Norton to reduce the chances of conflicts?

Things happen. Export/Backup your Norton Password Manager data.
Accepted Solution

Re: NS scan finds malware in a Malwarebytes/temp file

If you enable MBAM's self protection module, Norton won't be able to access MBAM's files. That's what I've done now after having Norton detect similar on my machines.

A little bit of knowledge is... well a little bit of knowledge.

Re: NS scan finds malware in a Malwarebytes/temp file

As stated, it is a temp file, so first off Malwarebytes Premium for life non-hacked is not supposed to be producing any temp files in its root as far as my understanding of it goes, so therefore more users should not be accessing the file.

It is or seems pretty impossible to grab the file when found as NS says it is deleted and wants to reboot.  Other comments by people with the issue have stated can not grab it.  Will give a try next instance if there is one to submit.

Thought self protection was turned on and have now turned it on on MBAM as is with NS.

As for excluding scans I have found that MBAM regardless if tell it not to scan NS it still scans it. I have emails back and forth with MBAM development/bugs/product support and they cannot figure out why it still scans NS regardless if is excluded and in NS history there is constant update reporting NS has blocked MBAM. This issue was 1st reported to them 10/28/14 & all they could figure out was that MBAM in the course of its scans hits the folder of NS even though excluded and since it hits the folder NIS & NS being in self protect mode or just period goes not allowed here and blocks and is then in NIS & NS history. As well I did some testing for them with this issue as they do not regularly test with Norton and they had to get one of their beta testers to try reproduce what I was getting and to a degree it was replicated so states email but to me though did not see the logs that were submitted it was confirmation of MBAM hitting NIS & logs were created in NIS because of this.

As for excluding NS from scanning MBAM I have previously done that but not on this install and it may not be a good idea, as well it would/may prob put a stop to this temp file thing but is that the correct way to figure this problem/issue out ??

I have run a MBAM scan and found nothing right after the 1st time.  It is the usual when doing nothing with system that NS scans and finds at interval of 1 x's a day only at this time.

Though I think important part of this is that this just started to occur after running fine for months on Win10 and I have used Adwcleaner and SuperAntiSpyware and Hitman Pro nothing found and used RogueKillerX64 which did find an entry that when did a search it was told by the help sites to delete but there was no info on what/why they told person to delete it. It was not here on my system before so I deleted it also: [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found

Ok....think I covered all 3 of you guys comments..... 

Please note post this http://community.norton.com/en/forums/norton-360-premier-flagged-malware...

which was from Malwarebytes https://forums.malwarebytes.org/index.php?/topic/165215-norton-finds-w32...

1) Maximus VI Extreme - i7 4790K@4.0ghz,32gig,Gskill Trident X 2400,MSI R7970 Twin Frozr III Factory OC,Corsair 240g SSD, Corsair W/C H801,3TB Sam,Win10x64 2) Rampage II Extreme-i7 960@3.4ghz,24gig Kingston,MSI R7950 Twin Frozr III-3g,Corsair 240g SSD,2TB WD,Win10x64, NS, NU16, MBAM

Re: NS scan finds malware in a Malwarebytes/temp file

Pkshadow:

Today after an update and a quick scan, malware was again found in the root of Malwarebytes in a temp file. Details below:

Filename: 00013676.tmp
Threat name: Trojan.Killproc!gen
Full Path: d:\utilities\malwarebytes anti-malware\00013676.tmp

Hi Pkshadow:

Are you running the latest MBAM Premium v2.2.0.1024 and did you perform a custom install and choose d:\utilities\malwarebytes anti-malware\ as your root directory, or was it installed there by default?  Part of the issue might be that your MBAM files are not located in the default C:\Program Files (x86)\Malwarebytes Anti-Malware\ directory for 64-bit OSs.  This might cause Norton to flag the files as "suspicious" or result in MBAM failing to remove old temp files during routine cleanups because they are not in expected locations.
-------------
32-bit Vista Home Premium SP2 * Firefox v43.0.4 * NIS (2014) v21.7.0.11 * MBAM Premium v2.2.0


Re: NS scan finds malware in a Malwarebytes/temp file

HI :=}

Yes am running Premium v2.2.0.1024 and yes did a custom install as I have done for years. This install from Jan when updated to Win10 2nd build had to reinstall some programs. Have not had any previous problems with any of my programs in D:/ . Yes it is possible that it wants to find it in C:\ but since is in D:\Utilities it has no choice in the matter and has run fine for years until this weekend. I updated definitions for MBAM this AM and then ran a scan on the folder. Nothing found but will wait for NS to do its idle time scan as have had things not found when scan on demand before (no temp files to be found in folder). MBAM temp files do get created but are transferred to the components and then deleted. So it may be that it found a file before deletion. I do have a ticket into MBAM but all are away on training except for priority cases. So will wait and see from MBAM Support what's what though it would be really nice if NORTON Support looked into this issue and gave feedback on the issue.

1) Maximus VI Extreme - i7 4790K@4.0ghz,32gig,Gskill Trident X 2400,MSI R7970 Twin Frozr III Factory OC,Corsair 240g SSD, Corsair W/C H801,3TB Sam,Win10x64 2) Rampage II Extreme-i7 960@3.4ghz,24gig Kingston,MSI R7950 Twin Frozr III-3g,Corsair 240g SSD,2TB WD,Win10x64, NS, NU16, MBAM

Re: NS scan finds malware in a Malwarebytes/temp file

For last post to this thread and solution.

MBAM Support reply : " We load temp files during start up and those should be deleted automatically. Either way, Norton needs to fix any items their software detects as threats, we cannot fix it. "

I believe that turning on MBAM self protection was the solution to the issue.

Regards to all that replied.

1) Maximus VI Extreme - i7 4790K@4.0ghz,32gig,Gskill Trident X 2400,MSI R7970 Twin Frozr III Factory OC,Corsair 240g SSD, Corsair W/C H801,3TB Sam,Win10x64 2) Rampage II Extreme-i7 960@3.4ghz,24gig Kingston,MSI R7950 Twin Frozr III-3g,Corsair 240g SSD,2TB WD,Win10x64, NS, NU16, MBAM

Re: NS scan finds malware in a Malwarebytes/temp file

Thanks for letting us know.

A little bit of knowledge is... well a little bit of knowledge.
