[SOLVED] Possible false positives on scan performed on 8/9/2015

Container for RESOLVED incidents, queries SOLVED by the experts, EXPIRED topics or those that have been CLOSED by the users.
chango369
Registered user
Posts: 1
Joined: Sun, 02 Aug 2015, 21:31

[SOLVED] Possible false positives on scan performed on 8/9/2015

Post by chango369 »

FYI !!!!!!!!

I received the following report from Panda Cloud Cleaner from a scan performed on 8/9/2015 (today).

Malware. FILE: C:\WINDOWS\SYSTEM32\DRIVERS\ATHW10X.SYS to be deleted.

Malware. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\athr. Key to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE. Key to be deleted.

Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE. Key to be deleted.


The first two items in the report are likely related to the Qualcomm Atheros driver. I've included some information on what these two items likely pertain to:

File name: athw10x.sys
Publisher: Qualcomm Atheros Communications, Inc. (signed by WDKTestCert qcaswbld)
Product: Driver for Qualcomm Atheros CB42/CB43/MB42/MB43 Network Adapter
Description: Qualcomm Atheros Extensible Wireless LAN device driver


I performed an identical scan yesterday with the same results, hit clean and inadvertently deleted my WiFi driver. I didn't perform the needed due diligence. :oops:

The second two items, having done a minor amount of searching, likely pertain to the following:

MRT.exe is the Windows Malware Removal Tool and msmpeng.exe is the Microsoft Malware Protection Engine; both of them are, from my understanding, parts of Windows Defender. I would say it's safe to assume that these are false positives.

I look forward to participating in this forum as I have today. ;)

edit: minor syntax
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Possible false positives on scan performed on 8/9/2015

Post by VirusBuster »

Can you provide us a password-protected compressed copy of the C:\WINDOWS\SYSTEM32\DRIVERS\ATHW10X.SYS file?

Regarding the other detections, I would say that they are correct, as many of the references used in HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ can be used to "hijack" the referenced file (in this case MRT.exe and MSMPENG.exe) and run another file instead when they are invoked.

These keys shouldn't be there.
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
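The hijack the moderator describes works through the `Debugger` value under an Image File Execution Options subkey: when it is set, Windows starts the program named there in place of the executable the subkey is named after. The script below is an added example, not from this thread or from Panda, that audits those subkeys on a Windows host. The watch list of executable names is an assumption for the example; as the later replies in the thread note, a key existing for these names on Windows 10 is not by itself a sign of compromise, so those are reported for review only.

```powershell
# Added example (not from the thread): audit Image File Execution Options (IFEO)
# subkeys for a Debugger value that would redirect a program launch to another file.
$ifeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Assumed watch list: security tooling whose IFEO keys deserve a closer look
# even without a Debugger value (the MRT.exe / MsMpEng.exe detections in the thread).
$watchList = @('mrt.exe', 'msmpeng.exe')

$findings = foreach ($key in Get-ChildItem -Path $ifeoPath -ErrorAction SilentlyContinue) {
    $props    = Get-ItemProperty -Path $key.PSPath
    $debugger = $props.Debugger
    $name     = $key.PSChildName.ToLower()

    if ($debugger) {
        # A Debugger value means Windows starts this other program instead of $name.
        [pscustomobject]@{ Image = $name; Severity = 'High'; Detail = "Debugger = $debugger" }
    }
    elseif ($watchList -contains $name) {
        # Key exists for a security binary but carries no Debugger value:
        # list what it does contain so an analyst can review it.
        $valueNames = ($props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { $_.Name }) -join ', '
        [pscustomobject]@{ Image = $name; Severity = 'Review'; Detail = "Values: $valueNames" }
    }
}

if ($findings) {
    $findings | Sort-Object Severity | Format-Table -AutoSize
} else {
    Write-Output 'No IFEO Debugger entries or watch-listed keys found.'
}
```

Run it from an elevated PowerShell prompt; reading HKLM normally works unelevated, but some IFEO subkeys may be ACL-restricted.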
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Possible false positives on scan performed on 8/9/2015

Post by VirusBuster »

Is your operating system Windows 10? In that case the registries detected are not malicious.
Regards,

Jorge Torre
TechSupport Department - Panda Security
martago
Registered user
Posts: 2
Joined: Mon, 10 Aug 2015, 17:35

Re: Possible false positives on scan performed on 8/9/2015

Post by martago »

I had the same problem just two days ago with a PC recently updated to Windows 10. I also got false positives in system files MRT.EXE and MSMPENG.EXE. Probably Panda Cloud Cleaner has not been updated to support Windows 10, and those files' signatures are different from what Panda Cloud Cleaner is expecting.
This PC where I got those false positives is an isolated PC that is only used for home banking, no other activity on it, like emailing or browsing. So I am quite sure that PC is clean. Previous runs with Panda Cloud Cleaner on the previous Windows 7 OS always gave zero malware, the same with other security tools.
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Possible false positives on scan performed on 8/9/2015

Post by VirusBuster »

We have updated the PCC signatures to correct the issue, so these elements won't be detected again in a new scan.
Regards,

Jorge Torre
TechSupport Department - Panda Security