Trojan.Medfos



#1
joseph456 (Member, 345 posts)
I ran Malwarebytes on one computer where it detected malware (Trojan.Medfos) at C:\Windows\System32\Stac97co.dll. I removed it as instructed. I then ran Malwarebytes on another computer and it detected the same malware in the exact same file.

When I went back to the first computer and ran MB again, it detected the same malware in a different folder but with the same identical file. These are files that date back to 2003 and are part of the Sigmatel Sound system for a Gateway M675.

Is it possible that Malwarebytes is detecting a false positive?

Also - can I copy this file stac97co.dll from one computer to another to replace the one I removed?

Thanks
  • 0



#2
RKinner (Malware Expert, MVP, 20,029 posts)
Pretty sure it's a false positive.

You should be able to restore the file from MBAM's Quarantine.

http://helpdesk.malw...from-Quarantine

Once you get the file back you can submit it to virustotal.com and see what they say about it. Probably 0/42 meaning it's definitely a false positive.

Ron
  • 0

#3
joseph456 (Topic Starter, Member, 345 posts)
Thanks!

Ran it at Virustotal

SHA256: f49473812ff3e067ce3df47704209dcd8a84433dd43a952f14070ec03c26212f
File name: stac97co.dll
Detection ratio: 1 / 47
Analysis date: 2013-07-19 14:05:18 UTC ( 0 minutes ago )

Obviously, this was the only one in the list. All others were green checks.

Malwarebytes Trojan.Medfos 20130719

Should I be concerned?
  • 0

#4
RKinner (Malware Expert, MVP, 20,029 posts)
No, it's definitely a false positive.
  • 0

#5
joseph456 (Topic Starter, Member, 345 posts)
Thanks for the prompt response and the link to virustotal.com
  • 0
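
Added example, not part of the thread: before copying stac97co.dll from one computer to another, each copy can be checked against the SHA-256 from the VirusTotal report in post #3, so that only the exact file that was analysed is reused. The script name, function names and file paths are assumptions made for this example.

```python
import hashlib
import sys
from pathlib import Path

# SHA-256 of stac97co.dll as shown in the VirusTotal report quoted in post #3.
REPORTED_SHA256 = "f49473812ff3e067ce3df47704209dcd8a84433dd43a952f14070ec03c26212f"


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_copies(paths, expected=REPORTED_SHA256):
    """Map each path to (status, digest); status is match, mismatch or missing."""
    expected = expected.strip().lower()
    results = {}
    for path in map(Path, paths):
        if not path.is_file():
            results[str(path)] = ("missing", None)
            continue
        digest = sha256_of(path)
        status = "match" if digest == expected else "mismatch"
        results[str(path)] = (status, digest)
    return results


def main(argv):
    # Paths are supplied by the user, e.g. the restored file and the copy
    # brought over from the second computer (hypothetical locations).
    if not argv:
        print("usage: check_copies.py FILE [FILE ...]")
        return 2
    results = check_copies(argv)
    for path, (status, digest) in results.items():
        print(f"{status:9} {digest or '-':64} {path}")
    # Non-zero exit if any copy is absent or differs from the analysed file.
    return 0 if all(s == "match" for s, _ in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

A match shows only that a copy is byte-for-byte the file VirusTotal analysed; a mismatch means that copy is a different file and should be submitted for analysis separately.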





