The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Advice needed please rootkit or false positive?

    Discussion in 'Security and Anti-Virus Software' started by Dealz, Aug 3, 2012.

  1. Dealz

    Dealz Notebook Enthusiast

    Hello,

    Malwarebytes has detected this Winflash.sys as a Rootkit.Necurs.

    Is this right? Or is it a false positive?

    The file is located here:

    C:\Program Files (x86)\Lenovo\System Update\session\8buj14us\WinFlash.sys

    I'm pretty sure it's a false positive as I keep my Lenovo as clean as possible & don't visit dodgy sites etc., but I quarantined the file anyway just in case.

    Thanks in advance.
     
  2. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    The file itself is for BIOS flashing...
     
  3. Baserk

    Baserk Notebook user

    Plenty of Google hits indeed mentioning the 8buj14us\WinFlash.sys file, being the official Lenovo BIOS flash utility.
    But as the W520 is sold plenty, I'd expect it to be recognized by Malwarebytes' Antimalware.
    Why not report the file as a FP on the MBAM forum to be sure? Let them analyze the file and you'll help fellow W520 users also. MBAM false positive forum page link
     
  4. Dealz

    Dealz Notebook Enthusiast

    Thank you both for your replies.

    Thank you for the link, I'll do that.
     
  5. Sanage

    Sanage Notebook Enthusiast

    Hello,
    You can confirm whether it is a false positive by uploading the file to virustotal.com for analysis.
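
A local triage step that complements the suggestions in this thread, as an added example that is not part of any post: it collects the SHA-256 hash (which can be searched on a scanning service instead of uploading the file) and the Authenticode signature details of the flagged driver. `Get-DriverTriage` is a hypothetical helper name; the path is the one given in the first post and assumes the file is present there rather than in quarantine.

```powershell
# Added example, not from the thread. Get-DriverTriage is a hypothetical helper.
function Get-DriverTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # A quarantined file is no longer at its original location.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $file = Get-Item -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path         = $file.FullName
        SizeBytes    = $file.Length
        LastWritten  = $file.LastWriteTimeUtc
        SHA256       = $hash.Hash
        # Status is Valid, NotSigned, HashMismatch, NotTrusted, ...
        SigStatus    = $sig.Status
        SigMessage   = $sig.StatusMessage
        Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignerThumb  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        Timestamped  = [bool]$sig.TimeStamperCertificate
        # Version resource fields are set by whoever built the file; treat as a hint only.
        CompanyName  = $file.VersionInfo.CompanyName
        FileVersion  = $file.VersionInfo.FileVersion
    }
}

# Path as reported in the first post of this thread.
$target = 'C:\Program Files (x86)\Lenovo\System Update\session\8buj14us\WinFlash.sys'
$result = Get-DriverTriage -Path $target
$result | Format-List

if ($result.SigStatus -ne 'Valid') {
    Write-Warning "Signature status is '$($result.SigStatus)': $($result.SigMessage)"
}
```

A `Valid` status only shows that the file is unchanged since the listed signer signed it, so check that the signer is one you expect for a vendor BIOS flash utility. Including the SHA-256 value in a false-positive report lets the vendor identify the exact file.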