Trojan.Medfos



#1
joseph456

I ran Malwarebytes on one computer where it detected malware (Trojan.Medfos) at C:\Windows\System32\Stac97co.dll. I removed it as instructed. I then ran Malwarebytes on another computer and it detected the same malware in the exact same file.

When I went back to the first computer and ran MB again, it detected the same malware in a different folder but with the same identical file. These are files that date back to 2003 and are part of the Sigmatel Sound system for a Gateway M675.

Is it possible that Malwarebytes is detecting a false positive?

Also - can I copy this file stac97co.dll from one computer to another to replace the one I removed?

Thanks


#2
RKinner

    Malware Expert

Pretty sure it's a false positive.

You should be able to restore the file from MBAM's Quarantine.

http://helpdesk.malw...from-Quarantine

Once you get the file back you can submit it to virustotal.com and see what they say about it. Probably 0/42 meaning it's definitely a false positive.

Ron

#3
joseph456

Thanks!

Ran it at Virustotal

SHA256: f49473812ff3e067ce3df47704209dcd8a84433dd43a952f14070ec03c26212f
File name: stac97co.dll
Detection ratio: 1 / 47
Analysis date: 2013-07-19 14:05:18 UTC ( 0 minutes ago )

Obviously, this was the only one in the list. All others were green checks.

Malwarebytes Trojan.Medfos 20130719

Should I be concerned?

#4
RKinner

    Malware Expert

No, it's definitely a false positive.

#5
joseph456

Thanks for the prompt response and the link to virustotal.com