miekiemoes

Hi, This will be reviewed. Thanks for reporting!

Hi, Please see here for more info: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/

Hi, Thanks for reporting. This should be fixed now.

Hi, It looks like this file was blocked only and not deleted/quarantined. Is there any possibility you don't have internet connection on that computer? This since in order to make a final determination of the file, it requires internet connection. In case there's no internet connection available, Malwarebytes blocks the file only (because of suspicious behavior) to use the better safe than sorry approach. So I suggest you temporary disable the malwarebytes antiransomware component from the system tray. (rightclick malwarebytes icon and select to disable ransomware protection) Then reboot, as this unlocks the file again. After reboot, I suggest that you add an exclusion for this file for the Antiransomware engine. * To add the exclusion, open Malwarebytes > Settings > Exclusions tab * Below, click the button: "Add Exclusion" * Then, select "Exclude a File or Folder" (this should be prechecked already by default) * Click Next * You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude. In your case: C:\Program Files (x86)\Neat\exec\Neat.exe * For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already) * Then click the OK button below. Then enable Malwarebytes Antiransomware again.

Hi, This has been fixed, so it's no longer detected.

Thanks. This is a false positive indeed - behavorial detection. This is whitelisted now.

Hi, Just temporary disable the antiransomware component. You can do this via the system tray, right click the malwarebytes icon and select to disable antiransomware. Then add the file to your exclusions: * To add the exclusion, open Malwarebytes > Settings > Exclusions tab * Below, click the button: "Add Exclusion" * Then, select "Exclude a File or Folder" (this should be prechecked already by default) * Click Next * You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude. * For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already) * Then click the OK button below. Then reboot, as that unlocks the file again, so you can zip and attach it. Then enable malwarebytes antiransomware again.

Hi, Can you zip and attach the Hades.exe file? Thanks!

Hi, Detection will stay, since this is a gamehack/crack which is often exploited by malware. If you want to keep this, I suggest you add an exclusion for above file.

Hi, It seems like this was fixed yesterday already. If you are still getting a detection, Quit malwarebytes from the systemtray. Then navigate to the following folder: C:\ProgramData\Malwarebytes\MBAMService In there, locate the file HubbleCache and delete it. Restart Malwarebytes again. A new Hubblecache will then be created again, so it will properly pick it up and remember to not detect this anymore.

Hi, We need more info, so can you zip and attach the exact file that was detected? Alternatively, please send it via Private message to me in case you don't want to attach it here. Normally exclusions should work though, so maybe you've done something wrong while excluding it? https://support.malwarebytes.com/docs/DOC-1130 Thanks!!

Hi, This should have been fixed already. Thanks for reporting!!

new Database is out: MBAM2 Version: v2019.07.04.11 MBAM3 Version: 1.0.11406 So please unquarantine and update. Thanks!!

Yes, we found the culprit. Just unquarantine again and wait until next database update. @Mikebob, can you post the malwarebytes detection log please, where it shows the C:\WINDOWS\SYSWOW64\IMAGERES.DLL Because it really helps us faster with logs. Thx!

Hi, We think we found the culprit what is causing this. Next database that should go out in a bit will solve this. Please restore that key from unquarantine again and wait till next database update.