
Thread: Strange results from MBAM


  1. #1
    wasted Guest

    Re: Strange results from MBAM



    "Andy Walker" <awalker@nspank.invalid> wrote in message
    news:49415fd2.67919046@news.webtv.com...
    > wasted wrote:
    >
    >>
    >>
    >>"Andy Walker" <awalker@nspank.invalid> wrote in message
    >>news:493fb161.344733921@news.webtv.com...
    >>> wasted wrote:
    >>>
    >>>>Just discovered from a sequence of Googling that a folder named as
    >>>>"Protection" is created by some malware or other, which is why it is
    >>>>flagged. Renaming my folder has stopped it being flagged.
    >>>
    >>> Where was the folder located? I've seen more than a few people come
    >>> in to the group asking about this and it would be good information to
    >>> have for the next request...
    >>>
    >>>
    >>> It's odd that renaming a folder could change a registry setting...
    >>> unless there is a program in memory that monitors the folder and makes
    >>> the registry change. I suppose MBAM could be reporting a false
    >>> positive based on what it thinks the registry entry would be if the
    >>> folder existed... which seems to me to be a bug if that's the case.
    >>>
    >>> Thanks,
    >>> Andy

    >>See my original post Andy - the location is mentioned already. It is, or
    >>was, off the Start menu folder.

    >
    > Ok, but that could mean a number of different locations depending upon
    > what you mean by "start menu". You also have (at least) two different
    > locations where the folder could reside "All Users" and "current_user"
    > are two of the most used. If you don't know the exact location then
    > that's fine, I just thought it would be useful to know the exact
    > location.
    >
    >> I hadn't seen any previous references here (if by
    >>"here" you mean alt.privacy.spyware). I only found one reference to it
    >>elsewhere through Googling.

    >
    > The reply I originally gave you was a cut-and-paste from one of my
    > prior posts on the subject. It's possible that the x-no-archive flag
    > was set on the post, though, because I normally honor the x-no-archive
    > when responding. That would remove it from Google after a few days.


    Ah - didn't think about there being a Start Menu for other users - because
    I'm the only user so never see that.

    The full path was C:/Program Data/Microsoft/Windows/Start Menu/Programs/Protection




  2. #2
    Dustin Cook Guest

    Re: Strange results from MBAM

    Andy Walker <awalker@nspank.invalid> wrote in news:493fb161.344733921
    @news.webtv.com:

    > wasted wrote:
    >
    >>Just discovered from a sequence of Googling that a folder named as
    >>"Protection" is created by some malware or other, which is why it is
    >>flagged. Renaming my folder has stopped it being flagged.

    >
    > Where was the folder located? I've seen more than a few people come
    > in to the group asking about this and it would be good information to
    > have for the next request...
    >
    >
    > It's odd that renaming a folder could change a registry setting...
    > unless there is a program in memory that monitors the folder and makes
    > the registry change. I suppose MBAM could be reporting a false
    > positive based on what it thinks the registry entry would be if the
    > folder existed... which seems to me to be a bug if that's the case.
    >
    > Thanks,
    > Andy
    >


    Well, if I wasn't killfiled by you, I'd explain what's going on. But
    no, it's not a bug.


    --
    Regards,
    Dustin Cook
    Malware Researcher
    MalwareBytes - http://www.malwarebytes.org


