swissarmy.sys is no rootkit

Suddenly Avast 5 flags Malwarebytes (swissarmy.sys is a well-known part of Malwarebytes) as a rootkit.
Please look at the last virus database, 100418-1.
Thank you very much.
Tevion

I have MBAM but I cannot see any mbamswissarmy.sys in my system.

even in find anything.

Call the attention of the MBAM forum if this thing is part of MBAM.

Edit: Sorry, my mistake :-X. Confirmed, it's the driver system of MBAM. Send as a false positive to the virus lab.
Thanks!!! for information ;D

Regards!!

It’s a false positive on avast 5’s part.

Click Advanced and then check submit file to Alwil.

No problem on my Windows 7 system.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4005

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/18/2010 1:56:35 PM
mbam-log-2010-04-18 (13-56-35).txt

Scan type: Quick scan
Objects scanned: 107934
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

@ bong2x

Your signature is not helpful:
always think best for you and for other!!

Yes, I have had this once as well.

Basically I think it is down to the fact that it is a hidden service, and also that it is accessing files (it is part of the scanning engine of MBAM, IIRC).

@ Tevion
I don’t use the pro version of MBAM, so I can’t check, but YoKenny does have the pro version.

Have you got the latest MBAM program version, 1.45?

More importantly, do as suggested in your image: Ignore, and allow the file to be sent to avast for analysis.

I don’t have the pro version and I have had the alert before.

IIRC it was just after a scan with MBAM and avast! did a rootkit scan? (Does it still scan on boot?)

The rootkit scan happens 8 minutes after boot as far as I’m aware. What I can’t see is how the MBAM free would be running a hidden service on boot for what is an on-demand scanner.

I don’t have mbamswissarmy.sys running at any time in the free version even when starting MBAM. There is only mbam.exe in the Task Manager when I run it and no mbamswissarmy.sys in process explorer or services.msc.

Well, I think if the rootkit scan still runs in 5, then it may have been a matter of timing for me then…was a while ago though…

Would Process Monitor show a hidden service, as shown in the image?

From what I remember reading around the MBAM forum, it is used in scanning…(could be wrong though…)

I used to have pop ups about mbamswissarmy.sys on Vista but I do not on Windows 7.

I had to Ignore a setting in Windows 7 that was not the default.

Check out:
http://forums.malwarebytes.org/index.php?showtopic=7653

It's not hidden :wink:

YoKenny, sorry for not putting my system in my sig. Maybe someday :wink:

Here is the proof that it is part of MBAM, the pic below.

Regards!!!

Sorry, but you're wrong; the OP's alert is about a hidden service and not about a hidden file.

So the proof isn’t proving anything as it is about something entirely different.

Thanks to everyone for the advice.
This message was probably unique.
The error may have been adjusted with the subsequent update of the Avast 5 database.
@ DavidR
Yes, I had used that date version 1.45 and I had sent the file to Avast.

Tevion

Thanks for the feedback.