What is :WofCompressedData

Status
Not open for further replies.

leftisthominid

Honorable
Jan 7, 2014
I have noticed on my desktop and my laptop a lot of the time when MBAM Threat Scan is scanning system files, it appends :WofCompressedData (or :WofCompressedData:WofCompressedData) to the end of many (but not all) system files (see http://imgur.com/a/FpQ2D). It never finds these files to be infected.

A couple weeks ago, I had a bit of malware paranoia, so I did several MBAM scans on my desktop and I found this problem. A couple days ago, I noticed the issue on my laptop too. I haven't had any file transfers between the two, so I am not sure what caused it to show up.

When Kaspersky does a full scan or when I do a Microsoft Safety Scanner scan (which basically is supposed to act as a standalone full scanner to use as a second opinion), when they scan those same files, it does not append :WofCompressedData to anything (they do append :Zone.Identifier on many image files, but everything seems to append that when it is relevant). What's even more interesting is that when I do an MBAM right-click scan of any given system folder I will not find :WofCompressedData even if the threat scan scans it.

Nothing is finding any infections on either of my machines (not even analyses of FRST logs or AdwCleaner), so if I have something it would have had to independently propagate on both machines and be extremely difficult to catch.

So my question is, why is MBAM scanning :WofCompressedData when nothing else is?

(One person on the web had noticed that Avast scanned a file with WofCompressedData too, but I am not sure if that just means Avast and MBAM use similar scanning mechanisms.)
 
Colif

Distinguished
Moderator
Earliest reference I can find is from Sept 15 (apart from all your searches recently), mentioning it being Windows compression. It's mentioned briefly in this conversation: https://sourceforge.net/p/ntfs-3g/mailman/message/34481588/

It's something to do with streaming.

It's part of Windows so I wouldn't worry about it:
Windows Overlay File System Filter Driver (Wof) Service
Windows Overlay File System Filter Driver is a file system driver. In Windows 10 it is starting by the operating system Boot Loader as a part of the driver stack for the boot volume. If Windows Overlay File System Filter Driver fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the Wof service has failed to start due to the error.

http://servicedefaults.com/10/wof/

Also mentioned in the tools used to deploy OEM Win 10: https://msdn.microsoft.com/en-us/windows/hardware/commercialize/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions?f=255&MSPPError=-2147217396
 