Jump to content
Sign in to follow this  
Followers 0
spevit

MpKsl65649bbb.sys - False Positive?

By spevit, in False Positives

Recommended Posts

spevit   

spevit
Posted

Hi

 

A customer on Microsoft Answers has dectected a Rootkit whlie scanning with AVG.

Now I wasn't sure if it was a real thread, so I recommended a scan with the free version of SuperAntiSpyware.

The final results of SAS didn't found a thread. The customer started a second scan with AVG, but there was nothing to be found in the scan results.

The directory of the file is: "C:\Windows\System32\MpEngineStore\MpKsl65649bbb.sys". At least, it is not a Windows default driver/file.

 

Any suggestion of this driver is save? There is no information stored on the internet about this.

 

 

 

Share this post

Link to post
Share on other sites

GuiltySpark   

GuiltySpark
Posted

Hi spevit,

 

I would say its likely a FP as the only time I've seen anything like that was when running MSE (Microsoft Security Essentials) have the person check to see if they are running or have run any other AV program as remnants may still be there.

 

DDS is a good program to see what's running behind the scenes :)

Share this post

Link to post
Share on other sites

spevit   

spevit
Posted

Hi GuiltySpark,

Thanks for your fast reply.

 

I'll forward the details to the customer.

I will let you know the results.

 

Thanks again.

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0
Go To Topic Listing False Positives
×