I scan my computer with MBAM every 3 days. Today it started picking up this from the Absolute Poker install directory. The last scan I did prior to today was on Jan 30, 2012 in which everything was clean.


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.02.02.04

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
User :: USER-PC [administrator]

2/2/2012 10:58:35 AM
mbam-log-2012-02-02 (12-54-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 514184
Time elapsed: 1 hour(s), 2 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Absolute Poker (Trojan.Agent) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Poker Application\Absolute Poker\CasinoUninstall.exe (Trojan.Agent) -> No action taken.
C:\Poker Application\_uninstallation_info\Absolute Poker\CasinoUninstall.exe (Trojan.Agent) -> No action taken.

(end)


Is anyone else picking this up with their MBAM?

This looks like a standard false positive

or

MBAM thinks that peeking holecards is a characteristic of a trojan

Don´t worry about it.

I ran a full scan and it found nothing.

Should I be worried about MBAM picking up the AP Registry Key as being malicious? Never encountered a FP before with a registry key, so not really sure what to make of it.

Are you using the latest MBAM database update?
Could you scan just the AP install folder and post the log here?

I got 2 Cereus detections, too, this morning from MBAM:

C:\Application\UltimateBet\CasinoUninstall.exe
C:\Poker Application\Absolute Poker\CasinoUninstall.exe

This hasn't happened before, but it has been a while since I've updated the software from all the sites where I (used to) play. If I'm not even accessing poker clients, can they still be a security threat?

Lately Avira has also been showing some Cake skins on my computer as being infected, FWIW. I don't know for sure whether any of these problems are just false positives, though. (I keep Secunia PSI's score at 100% religiously, so I'm especially surprised to suddenly see several detections seemingly from out of nowhere.)

I posted this over to the MBAM false positive forum as well.

http://forums.malwarebytes.org/index...owtopic=105681

Can you post the MBAM log here?

Database version: v2012.02.03.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Brice :: BRICE-PC [administrator]

2/3/2012 2:31:18 AM
mbam-log-2012-02-03 (02-31-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 425710
Time elapsed: 2 hour(s), 26 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Application\UltimateBet\CasinoUninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Poker Application\Absolute Poker\CasinoUninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Update:

Just updated MBAM again today and scanned again (with Database version: v2012.02.03.11) and MBAM is no longer detecting those 3 things.