FYI !!!!!!!!
I received the following report from Panda Cloud Cleaner from a scan performed on 8/9/2015 (today).
Malware. FILE: C:\WINDOWS\SYSTEM32\DRIVERS\ATHW10X.SYS to be deleted.
Malware. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\athr. Key to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE. Key to be deleted.
Malware. REGKEY: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE. Key to be deleted.
The first two items in the report are likely related to the Qualcomm Atheros. I've included some information on what these two items likely pertain to:
File name: athw10x.sys
Publisher: Qualcomm Atheros Communications, Inc. (signed by WDKTestCert qcaswbld)
Product: Driver for Qualcomm Atheros CB42/CB43/MB42/MB43 Network Adapter
Description: Qualcomm Atheros Extensible Wireless LAN device driver
I performed an identical scan yesterday with the same results, hit clean and inadvertently deleted my WiFi driver. I didn't perform the needed due diligence.
The second two items, having done a minor amount of searching, likely pertain to the following:
MRT.exe is the Windows Malware Removal Tool and msmpeng.exe is the Microsoft Malware Protection Engine; both of them are, from my understanding, parts of Windows Defender. I would say it's safe to assume that these are false positives.
I look forward to participating in this forum as I have today.
edit: minor syntax
[SOLVED] Possible false positives on scan performed on 8/9/2015
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: Possible false positives on scan performed on 8/9/2015
Can you provide us a password compressed copy of the C:\WINDOWS\SYSTEM32\DRIVERS\ATHW10X.SYS file?
Regarding the other detections, I would say that they are correct, as many of the references used in HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ can be used to "hijack" the referenced file (in this case MRT.exe and MSMPENG.exe) and run another file instead when they are invoked.
These keys shouldn't be there.
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
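Added example (not part of the thread and not Panda's code): a PowerShell check to run before letting a cleaner delete the two Image File Execution Options keys from the report. It lists each key's values, flags a `Debugger` value (the IFEO setting that makes Windows start a different program when the image is launched), and exports the key so a deletion can be undone. The function name `Get-IfeoFinding` and the backup folder are assumptions.

```powershell
# Added example: inspect the IFEO keys named in the scan report before deleting them.
# Get-IfeoFinding and $backupDir are illustrative names, not from the thread.
$ifeoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$images    = 'MRT.exe', 'MsMpEng.exe'
$backupDir = Join-Path $env:TEMP 'ifeo-backup'   # assumed location

function Get-IfeoFinding {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string[]]$ImageName
    )
    foreach ($name in $ImageName) {
        $path = Join-Path $Root $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Image = $name; KeyPresent = $false; Debugger = $null
                               Values = ''; Verdict = 'key absent' }
            continue
        }
        $key      = Get-Item -LiteralPath $path
        $debugger = $key.GetValue('Debugger', $null)
        # A Debugger value makes Windows start that program in place of the image.
        $verdict  = if ($debugger) { 'REVIEW: launches are redirected' } else { 'key present, no Debugger value' }
        [pscustomobject]@{
            Image      = $name
            KeyPresent = $true
            Debugger   = $debugger
            Values     = ($key.GetValueNames() -join ', ')
            Verdict    = $verdict
        }
    }
}

$findings = Get-IfeoFinding -Root $ifeoRoot -ImageName $images
$findings | Format-List

# Export each existing key so a deletion can be undone with 'reg import'.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
foreach ($f in $findings | Where-Object KeyPresent) {
    $regPath = ($ifeoRoot -replace '^HKLM:', 'HKLM') + '\' + $f.Image
    & reg.exe export $regPath (Join-Path $backupDir "$($f.Image).reg") /y | Out-Null
}
```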
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: Possible false positives on scan performed on 8/9/2015
Is your operating system Windows 10? In that case, the registry entries detected are not malicious.
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
Re: Possible false positives on scan performed on 8/9/2015
I had the same problem just two days ago with a PC recently updated to Windows 10. I also got false positives in system files MRT.EXE and MSMPENG.EXE. Probably Panda Cloud Cleaner has not been updated to support Windows 10, and those files' signatures are different from what Panda Cloud Cleaner is expecting.
This PC where I got those false positives is an isolated PC that is only used for homebanking, no other activity on it, like emailing or browsing. So I am quite sure that PC is clean. Previous runs with Panda Cloud Cleaner in previous Windows 7 o.s. always gave zero malware, the same with other security tools.
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: Possible false positives on scan performed on 8/9/2015
We have updated the PCC signatures to correct the issue, so these elements won't be detected again in a new scan.
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them