Emsisoft detected Trojan.BAT.Delete!IK


  1. Posts : 634
    7 Ultimate 64 bit Service Pack 1
       #1

    Emsisoft detected Trojan.BAT.Delete!IK


    I ran Emsisoft's "smart scan" and the above threat was detected.

    More info:

    File c:Windows\w7sbc\change.bat
    File c:windows\w7sbc\restore.bat

    This is from that program "Windows 7 Start Button Changer v 2.6" which is used by many people.

    This must be a false positive?

    I have not used Emsisoft to fix the issue yet; I would like some opinions please.

    Malwarebytes
    SuperAntiSpyware
    Hitman Pro
    MSE

    all found nothing.


  2. Posts : 2,663
    Windows 8.1 Pro x64
       #2

    I have no personal experience with the program, but considering that MSE and MBAM didn't detect anything then I would say that it is probably clean. If you want to be sure, then upload the file that was detected to:

    http://www.virustotal.com

    This site will scan a file against the definitions of many different anti viruses, and you will be given a percentage of detections. This should be a good indicator as to whether it is a false positive or not.

    Tom


  3. Posts : 634
    7 Ultimate 64 bit Service Pack 1
    Thread Starter
       #3

    tom982 said:
    I have no personal experience with the program, but considering that MSE and MBAM didn't detect anything then I would say that it is probably clean. If you want to be sure, then upload the file that was detected to:

    http://www.virustotal.com

    This site will scan a file against the definitions of many different anti viruses, and you will be given a percentage of detections. This should be a good indicator as to whether it is a false positive or not.

    Tom
    Virustotal Report:

    File c:Windows\w7sbc\change.bat

    Ikarus T3.1.1.84.0 2010.06.16 Trojan.BAT.Delete

    a-squared 5.0.0.26 2010.06.16 Trojan.BAT.Delete!IK
    (All others did not detect anything)

    File c:windows\w7sbc\restore.bat

    a-squared 5.0.0.26 2010.06.16 Trojan.BAT.Delete!IK
    Ikarus T3.1.1.84.0 2010.06.16 Trojan.BAT.Delete

    (All others did not detect anything)

    Opinions?


  4. Posts : 1,508
    Lion
       #4

    I believe it says a trojan, since the .bat file changes the system files (explorer.exe). You must be safe when MSSE and MBAM are guarding your computer.


  5. Posts : 2,663
    Windows 8.1 Pro x64
       #5

    Yes and the VirusTotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

    If I were you, I would remove Emsisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

    Tom


  6. Posts : 622
    Arch Linux 64-bit
       #6

    It appears to be a false positive.

    Emsisoft are known for their very high detection rate at a cost to a high false positive rate.


  7. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #7

    tom982 said:
    Yes and the VirusTotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

    If I were you, I would remove Emsisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

    Tom
    "remove emsisoft" ?
    why ?
    sometimes you get a false positive, that happens with other antivirus-programs too...
    yes, if Virustotal says those files are clean, then don't worry about them.

    RoloDman: what Emsisoft-program are you using ?
    if you are using a-squared, then add those 2 detected programs to the "whitelist".
    problem solved...

    malexous: "Emsisoft are known for their very high detection rate at a cost to a high false positive rate."

    yes, a-squared has a very good detection-rate.
    but where did you read about "high false positive rate" ?

    on my computer a-squared has a very low false positive detection-rate, it only detected 1 single false positive,
    my other A/V-programs detect a lot more.
    i have some (safe) securitytest-programs in a folder that fx. makes MSE scream...

    if you get too many false positives, then you can reduce the sensitivity,
    and if you are worried it misses something, then you can also enhance the sensitivity.


  8. Posts : 634
    7 Ultimate 64 bit Service Pack 1
    Thread Starter
       #8

    hackerman1 said:
    tom982 said:
    Yes and the VirusTotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

    If I were you, I would remove Emsisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

    Tom
    "remove emsisoft" ?
    why ?
    sometimes you get a false positive, that happens with other antivirus-programs too...
    yes, if Virustotal says those files are clean, then don't worry about them.

    RoloDman: what Emsisoft-program are you using ?
    if you are using a-squared, then add those 2 detected programs to the "whitelist".
    problem solved...

    malexous: "Emsisoft are known for their very high detection rate at a cost to a high false positive rate."

    yes, a-squared has a very good detection-rate.
    but where did you read about "high false positive rate" ?

    on my computer a-squared has a very low false positive detection-rate,
    it only detected 1 single false positive,
    my other A/V-programs detect a lot more.
    i have some (safe) securitytest-programs in a folder that fx. makes MSE scream...

    if you get too many false positives, then you can reduce the sensitivity,
    and if you are worried it misses something, then you can also enhance the sensitivity.
    I am using A-Squared Free version 4.5.0.27. I white listed the detections as you said. Thank you.


  9. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #9

    RoloDman: you are welcome.
    thanks for the rep.

    perhaps you already know that a-squared has won a lot of awards ?
    if not, then take a look at Emsisoft...
    it's very good at detecting, it also works very well together with other antivirus-programs.
    previously i used a2-FREE together with Avira, but now i'm using a2-FULL,
    actually it's the only antivirus-program that i've used for the last couple of months.

    i also have Avast & MSE installed, but their realtime-protection is temporarily turned off,
    as i wanted to see if i detected any difference in performance.
    i regularly scan with Avast, MSE & MBAM just to see if a2 has missed something.

    some info about a-squared, which i posted in another thread a few days ago:

    "actually, a-squared (a2) has a lot better detectionrate than MBAM....
    Whis is the Best? A-squared Free Vs Malwarebytes' Anti-Malware
    Which is the Best? MBAM vs A-squared Part 2
    "
    "get both MBAM & a2.
    no antivirus / antimalware-program can detect everything,
    that's why it's a very good idea to use several different programs to scan your computer."

    for more info about security-programs take a look at my signature...


  10. Posts : 2,663
    Windows 8.1 Pro x64
       #10

    hackerman1 said:
    tom982 said:
    Yes and the VirusTotal report has shown that the most reliable anti virus programs think that it is clean. I wouldn't worry about it.

    If I were you, I would remove Emsisoft and just remain with MSE and MBAM, these two should protect your system sufficiently.

    Tom
    "remove emsisoft" ?
    why ?
    sometimes you get a false positive, that happens with other antivirus-programs too...
    yes, if Virustotal says those files are clean, then don't worry about them.

    RoloDman: what Emsisoft-program are you using ?
    if you are using a-squared, then add those 2 detected programs to the "whitelist".
    problem solved...

    malexous: "Emsisoft are known for their very high detection rate at a cost to a high false positive rate."

    yes, a-squared has a very good detection-rate.
    but where did you read about "high false positive rate" ?

    on my computer a-squared has a very low false positive detection-rate, it only detected 1 single false positive,
    my other A/V-programs detect a lot more.
    i have some (safe) securitytest-programs in a folder that fx. makes MSE scream...

    if you get too many false positives, then you can reduce the sensitivity,
    and if you are worried it misses something, then you can also enhance the sensitivity.
    Because MSE and MBAM are better.

    Tom


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
