Does my malware finder have malware?
June 8, 2016 8:14 AM   Subscribe

I installed Malwarebytes on my home machine, and it immediately found what it identified as a Trojan inside its own folder. I'm trying to figure out whether this could be a conflict with Norton, or whether it's something worse.

So this is weird.

I have Norton 360 on my home computer, which has always worked fine for me. I don't download much, I'm not a very adventurous person when it comes to files. I keep everything updated, etc. But I've also occasionally used MalwareBytes on other machines as a kind of auxiliary cleaner to get junk off of systems. I've actually never had it find a virus or anything serious before; it finds PUPs and stuff.

Today, while I'm not working, I thought I'd run a Malwarebytes scan of my home machine. Downloaded the free version (I thought?), ran a scan. And it found what it called "Trojan.agent.enm," which was pretty alarming. Except that/and also the file where it supposedly was was a Malwarebytes file. In other words, it was in a file in the Malwarebytes folder in my Program Files (I'm on Windows 10). It claimed to have successfully removed or quarantined it (I don't remember which, and I'll caution you I reflexively removed Malwarebytes from my machine, which of course means I don't have the log. Forgive me; I panicked).

I also ran a Norton quick scan (while the Malwarebytes was finishing up, so it hadn't done the quarantine or removal yet), and Norton identified a "downloader" in the Malwarebytes folder, which it also removed. I believe it was the same file.

I rebooted and am now running a Norton full system scan.

I totally get that there can be conflicts between antivirus and antimalware programs; apparently the real-time scanning part of the full Malwarebytes thing can cause conflicts with Norton and that's a known issue. I get that running them at the same time was particularly rookie of me. But is it possible for those conflicts to cause Malwarebytes to identify a file in its own directory -- which I had installed about two minutes earlier -- as a trojan? This makes no sense to me.

As I said, I don't have all the information I should; I freely admit I uninstalled Malwarebytes like the "NOPE" octopus when this popped up. I've never had a serious infection issue (knock all the wood) and it's a little freaky. If the full scan from Norton comes back okay, should I relax, or should I throw the computer out the window and burn my desk?
posted by Linda_Holmes to Computers & Internet (9 answers total) 2 users marked this as a favorite
Where did you download malwarebytes from? Did you go to or ?
posted by I-baLL at 8:16 AM on June 8, 2016

Oh yes, from
posted by Linda_Holmes at 8:17 AM on June 8, 2016

Update: Norton full scan was totally clean.
posted by Linda_Holmes at 8:26 AM on June 8, 2016

Had you ever had MalwareBytes on your machine? If not, it could have been something that previously got on your machine and hid in plain sight making you think it was a problem with MBAM when it really wasn't.
posted by deezil at 8:30 AM on June 8, 2016

Try going to:

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

and see if that location still exists and if there are log files there.
posted by I-baLL at 8:30 AM on June 8, 2016

Nope, seems to have been removed in the uninstall.

Had you ever had MalwareBytes on your machine? If not, it could have been something that previously got on your machine and hid in plain sight making you think it was a problem with MBAM when it really wasn't.

I don't think that would cause MalwareBytes, on its own, to identify a Trojan during the first scan as being located inside its own Program Files folder?
posted by Linda_Holmes at 8:37 AM on June 8, 2016

If the file was found in the quarantine folder, that is correct behavior on MWB's part - it's going to take the file out and place it in a folder for removal once you give it permission. This is in case it found a false positive and the removal of the file causes system problems - it provides a way to put the file back.

It's extremely common for AV software like Norton to report clean where MWB finds things. The two types of software look for slightly different things, and MWB tends to err more on the side of cleaning things that might not really be all that bad or dangerous, but fit the profiles they've set up. I've never, ever had it remove anything that caused a problem thereby, however.

I've used MWB and really recommend it. If you have an actual problem, like it sounds you might, I'd spring for the paid/premium version, because it provides some more tools to eradicate viruses and malware with less user intervention, whereas the fix for an infection on a "DIY" basis is often insanely complicated and involves mucking around in your register and doing other kind of dangerous stuff in your system if you zig where you should have zagged (besides helping support the development of the software).

trojan.agent.enm is bad stuff, based on the googling I did, so I would take this pretty seriously.

You might get more specific advice from people who live for this sort of thing either here or by starting a new thread at the MWB forum:

posted by randomkeystrike at 10:11 AM on June 8, 2016 [1 favorite]

The MBAM help person says it's the Norton/MBAM conflict.

Wasn't in the quarantine folder; nothing had been quarantined yet. This was the initial scan. I've used MBAM before; it doesn't typically give its own folder as the source of a Trojan the first time you see it.

Not a case where MBAM found something and Norton didn't. Norton flagged the same file. Whatever it was, Norton spotted it also, but diagnosed it slightly differently as "downloader" with no specific ID.

I'm asking MBAM help to confirm their diagnosis. Thanks for your help.
posted by Linda_Holmes at 11:24 AM on June 8, 2016

Closing the loop for the curious: MalwareBytes support tells me this is indeed the conflict between Norton and MalwareBytes, and that they see it regularly. Norton creates these bunchofnumbers.tmp files inside the MalwareBytes folder during its scanning and monitoring when the programs aren't set up correctly to acknowledge each other. Then both programs spot them as malicious and it creates, as the support person told me, this "round robin."

This makes sense to me and I'm closing the question.
posted by Linda_Holmes at 11:45 AM on June 8, 2016 [2 favorites]

« Older Soothing musical loops   |   Looking for dog foster care Newer »
This thread is closed to new comments.