BMMTASK.EXE Win32:Malware-Gen

Hi,

I have just been notified by avast that BMMTASK.EXE has been identified as a Win32:Malware-Gen on my 10 year old IBM Thinkpad. Googling reveals that this is the battery monitor task and I suspect a FP. How can I verify whether or not this is the case?

I have left it in the Virus Chest for now

Cheers

Baz

Scan the file at www.virustotal.com and post the results.

I am going to get VirusTotal to rescan, but it seems to take a while.

Rescanned

Antivirus Version Last Update Result
AhnLab-V3 2011.02.26.00 2011.02.25 -
AntiVir 7.11.3.240 2011.02.25 -
Antiy-AVL 2.0.3.7 2011.02.26 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
AVG 10.0.0.1190 2011.02.26 -
BitDefender 7.2 2011.02.26 -
CAT-QuickHeal 11.00 2011.02.26 -
ClamAV 0.96.4.0 2011.02.26 -
Commtouch 5.2.11.5 2011.02.25 -
Comodo 7812 2011.02.26 -
DrWeb 5.0.2.03300 2011.02.26 -
Emsisoft 5.1.0.2 2011.02.26 -
eSafe 7.0.17.0 2011.02.24 -
eTrust-Vet 36.1.8184 2011.02.25 -
F-Prot 4.6.2.117 2011.02.25 -
F-Secure 9.0.16160.0 2011.02.26 -
Fortinet 4.2.254.0 2011.02.26 -
GData 21 2011.02.26 Win32:Malware-gen
Ikarus T3.1.1.97.0 2011.02.26 -
Jiangmin 13.0.900 2011.02.26 -
K7AntiVirus 9.90.3967 2011.02.25 -
Kaspersky 7.0.0.125 2011.02.26 -
McAfee 5.400.0.1158 2011.02.26 -
McAfee-GW-Edition 2010.1C 2011.02.26 -
Microsoft 1.6603 2011.02.26 -
NOD32 5908 2011.02.25 -
Norman 6.07.03 2011.02.25 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.25 -
PCTools 7.0.3.5 2011.02.25 -
Prevx 3.0 2011.02.26 -
Rising 23.46.04.05 2011.02.25 -
Sophos 4.61.0 2011.02.26 -
SUPERAntiSpyware 4.40.0.1006 2011.02.26 -
Symantec 20101.3.0.103 2011.02.26 -
TheHacker 6.7.0.1.140 2011.02.26 -
TrendMicro 9.200.0.1012 2011.02.26 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.26 -
VBA32 3.12.14.3 2011.02.25 -
VIPRE 8541 2011.02.26 -
ViRobot 2011.2.26.4331 2011.02.26 -
VirusBuster 13.6.222.1 2011.02.25 -
Additional information
MD5 : 949590bcd786905e04c653021bc84610
SHA1 : a1acc2510ee73b556cd795c36c411a328bc35cc4
SHA256: 0b39f6dead7dc0835881ed8db6edcb0556dc8e35fc04a00c4305848a836d14d8
ssdeep: 384:V4aj7SxbG+03YIbNVMEmlY+HC5yygqJMhwoSu+Gw:VixbG+uYmVM4ydYMhwo
File size : 28672 bytes
First seen: 2009-03-02 16:18:21
Last seen : 2011-02-26 09:33:31
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher: n/a
copyright: n/a
product: n/a
description: n/a
original name: n/a
internal name: n/a
file version: n/a
comments: n/a
signers: -
signing date: -
verified: Unsigned

PEiD: Armadillo v1.71
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x22A6
timedatestamp: 0x42660BCB (Wed Apr 20 07:59:07 2005)
machinetype: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3B2E, 0x4000, 6.24, d2c5225379d38643110e24203e7a30fb
.rdata, 0x5000, 0x9CE, 0x1000, 3.82, 78f87729f8f1db7801769e0283cb616a
.data, 0x6000, 0xDFC, 0x1000, 2.26, 4f9daff0be3a07bc22db9dc01d9c6649

[[ 3 import(s) ]]
KERNEL32.dll: MapViewOfFile, lstrcpyA, CreateFileMappingA, CloseHandle, OpenMutexA, LoadLibraryA, lstrcatA, ExitProcess, FreeLibrary, Sleep, GetProcAddress, UnmapViewOfFile, WinExec, GetSystemPowerStatus, GetStartupInfoA, GetEnvironmentStrings, GetEnvironmentStringsW, GetStringTypeA, LCMapStringW, GetStringTypeW, MultiByteToWideChar, LCMapStringA, VirtualAlloc, HeapAlloc, HeapReAlloc, GetModuleHandleA, lstrcmpA, GetCommandLineA, GetVersion, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, VirtualFree, HeapCreate, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, GetACP, GetOEMCP, HeapFree, RtlUnwind, WriteFile, GetCPInfo
USER32.dll: TranslateMessage, DispatchMessageA, GetMessageA, RegisterClassExA, FindWindowA, DefWindowProcA, KillTimer, wsprintfA, CreateWindowExA, SetTimer
ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyExA

ExifTool:
file metadata
CodeSize: 16384
EntryPoint: 0x22a6
FileSize: 28 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 8192
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2005:04:20 09:59:07+02:00
UninitializedDataSize: 0

Why not do it the easy way and just post the link???

VirusTotal - BMMTASK.EXE - 1/43
http://www.virustotal.com/file-scan/report.html?id=0b39f6dead7dc0835881ed8db6edcb0556dc8e35fc04a00c4305848a836d14d8-1298654418
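As an added example (not part of the thread, and not code from avast, VirusTotal or IBM), here is the check a defender would actually run before trusting the report above: confirm that the quarantined copy has the same MD5/SHA1/SHA256 as the sample VirusTotal analysed, then tally the vendor table and list which engines fired. The vendor table embedded below is an excerpt of the report posted in the thread (the full report has 43 engines, of which only GData alerted); the `triage` rule that treats a lone hit with a generic signature name as a false-positive candidate is a heuristic assumed here, not a verdict.

```python
import hashlib
import re

# Digests as listed in the VirusTotal report quoted in this thread.
REPORT_HASHES = {
    "md5": "949590bcd786905e04c653021bc84610",
    "sha1": "a1acc2510ee73b556cd795c36c411a328bc35cc4",
    "sha256": "0b39f6dead7dc0835881ed8db6edcb0556dc8e35fc04a00c4305848a836d14d8",
}

# Excerpt of the vendor table from the same report (engine, version, last update, result).
REPORT_TABLE = """\
AhnLab-V3 2011.02.26.00 2011.02.25 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
BitDefender 7.2 2011.02.26 -
GData 21 2011.02.26 Win32:Malware-gen
Kaspersky 7.0.0.125 2011.02.26 -
Microsoft 1.6603 2011.02.26 -
Symantec 20101.3.0.103 2011.02.26 -
"""


def file_hashes(data: bytes) -> dict:
    """Compute the three digests VirusTotal reports for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if every digest of the local copy equals the report's.
    A mismatch means the file in the chest is not the sample VT analysed,
    so the report (clean or not) says nothing about it."""
    local = file_hashes(data)
    return all(local[k] == report[k].lower() for k in report)


def parse_vendor_table(text: str) -> list:
    """Parse 'engine version last-update result' lines into (engine, result) pairs.
    Engine names and versions contain no spaces; the result is everything after the date."""
    pat = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}[.-]\d{2}[.-]\d{2})\s+(.*)$")
    rows = []
    for line in text.splitlines():
        m = pat.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(4).strip()))
    return rows


def detections(rows: list) -> list:
    """Keep only the engines whose result column is not '-' (i.e. that alerted)."""
    return [(engine, result) for engine, result in rows if result not in ("-", "")]


def triage(rows: list) -> dict:
    """Summarise the scan the way the thread reasons about it: exactly one hit, carrying a
    generic signature name, is a false-positive candidate to recheck after a definitions
    update. Heuristic assumed for this example, not proof either way."""
    hits = detections(rows)
    generic = all("gen" in result.lower() for _, result in hits)
    return {
        "ratio": f"{len(hits)}/{len(rows)}",
        "engines": [engine for engine, _ in hits],
        "likely_false_positive": len(hits) == 1 and generic,
    }


if __name__ == "__main__":
    print(triage(parse_vendor_table(REPORT_TABLE)))
    # Constructed stand-in bytes, not the real BMMTASK.EXE: hashes will not match.
    print(matches_report(b"constructed placeholder bytes"))
```

Read the quarantined file's bytes and pass them to `matches_report` before drawing any conclusion from a VT link: the hash comparison is what ties the web report to the file actually sitting in the chest.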

Thanks for pointing out my noob mistake, but it still leaves me unclear as to whether this is a FP.

I think it is a FP, since GData is the only one detecting, and they use the Bitdefender and avast virus engines, which do not detect it…
So I guess it is just GData that is late with an update for the avast virus engine…

So if you wait a couple of hours and do a new VT scan, it is probably gone…

If you run a manual update of avast, then right-click the file in the chest and scan again…
What is the result?

The weird thing is that the avast on VirusTotal didn't detect it, but GData, which uses the avast! engine, is detecting it. Try rescanning it with Malwarebytes, but I think it's a FP.

Most likely their (VT) copy of GDATA doesn't have the latest avast definitions, as the main avast ones on VT don't alert.

So Baz8755 should ensure that he has the latest virus definitions and rescan the file in the chest.

Rating: Trustworthy

IBM/Lenovo Thinkpad Battery MaxiMiser and Power Management

Are you aware of this information?: http://www-307.ibm.com/pc/support/site.wss/MIGR-51268.html

Only avast flagged it, which could have been an indication of a FP, see:
http://201088www.virscan.org/report/b2148b18871a8100e9240d6918a9f09c.html

Also consider this info: http://www.runscanner.net/lib/BMMTASK.EXE.html

polonus

This false positive alert has already been fixed today in VPS 110226-0.

Rescanned, all showing OK, restored.

All systems go.

If only I could say the same for the sandbox issues introduced in V6 :frowning: