miekiemoes

Staff
Everything posted by miekiemoes

  1. New database is out: MBAM2 version: v2019.07.04.11, MBAM3 version: 1.0.11406. So please unquarantine and update. Thanks!!
  2. Yes, we found the culprit. Just unquarantine again and wait until next database update. @Mikebob, can you post the malwarebytes detection log please, where it shows the C:\WINDOWS\SYSWOW64\IMAGERES.DLL Because it really helps us faster with logs. Thx!
  3. Hi, We think we found the culprit that is causing this. The next database that should go out in a bit will solve this. Please restore that key from quarantine again and wait till the next database update.
  4. Can you post the Malwarebytes log please? Please post the log from the latest version of Malwarebytes. It might be a valid detection though, where malware adjusted the Winlogon\Userinit value data, so when we detect it, we replace it again with the correct data.
  5. Hi, That's the value data under the Winlogon key; we target it when the default data userinit.exe isn't properly set, but hijacked. However, given you run a way out-of-date version of Malwarebytes here (1.75.0.1300), please update Malwarebytes to the latest version: https://www.malwarebytes.com/premium/, run a scan again and post the new Malwarebytes log here, as that might show a lot more info. Additionally, really old versions of Malwarebytes are less stable than recent versions, plus the detection rate is 50% less than current Malwarebytes versions. Hence updating is recommended, as you aren't protected from the latest threats anyway with this really old version you are having.
  6. Hi, We are not aware of this false positive. Can you post the Malwarebytes log please? Also, what was the detection? Edited to add: userinit.exe is whitelisted, so it's most probably a userinit.exe file not located in the system32 folder, a malicious file using userinit.exe as a name (as we see this all the time).
  7. Hi, This is a false positive indeed and will be fixed in next database update. Thanks for reporting!!
  8. Hi, Detection will be adjusted to Potentially Unwanted instead, as it bundles additional software.
  9. Thanks! This is a false positive indeed and will be fixed in next database update. Thanks for reporting!!
  10. Hi, Can you zip and attach the atistclk.dll here? Or alternatively, since you already uploaded that one to Virustotal, can you post the virustotal link? Thanks!
  11. Can you zip and attach the exact files that are detected? Because I don't get any detection here, so I believe that the files detected aren't the exact same as the ones you've attached.
  12. Hi, Is this the log from the affected endpoint itself? Because this was fixed in database version v2019.06.15.02 already. Can you open the Malwarebytes user interface on the affected client and check there? Alternatively, can you look in the same folder where you got this system log and get the scan log from that endpoint? This should show the exact detection and database version as well.
  13. Hi, Can you check/verify the database version from the affected Client? As this one might still have an older database version. Thanks!
  14. Hi, Normally not, as the machine learning engine learns from these files and will automatically use additional logic to not detect them.
  15. Hi, We weren't detecting any of the files attached. But I've added them to the whitelist for these files only.
  16. Hi, here's a screenshot of how to add exclusions.
  17. Hi, I can't reproduce detection of the files you attached earlier. Can you check if these are the exact same files and re-attach if different? Thanks
  18. Hi, Please zip and attach the files you want analyzed here to this post and we will verify if they are detected as false positives and fix/remove the detection again. Thanks!
  19. Hi, This is a PUP detection, so Potentially Unwanted. Given you want to keep it, please add what it found to your exclusions. In order to do so, when it has found the detections, unselect the items you want to keep and then click Next. Then you'll get an additional prompt in order to add these to the exclusions.
  20. Glad to hear and thanks for the heads-up!
  21. Thanks. ClassicUO (the ClassicUO.exe file itself) is never triggered by our machine learning. It's mainly razor.exe. But a next database update should fix this.
  22. Thanks. This might be a different version of razor.exe than the previous one attached, but I will be able to collect some more razor.exe files for applying a better whitelist for these, in order to cover previous and future versions. Thanks for reporting!
  23. Yes, our detections also apply to the passive/background scanner, mainly when something is launched/executed. But we typically fix false positives immediately, especially if they are related to our machine learning detection (as minor FPs might always happen with machine learning engines), so it could have been a one-time detection for you only where it was fixed immediately afterwards. Nevertheless, thanks for the heads-up!
  24. Hi, I can't reproduce the detection anymore, so this might have been fixed already. Can you rescan and see if it's still detected? If still detected, can you zip and extract the contents of the archives, scan them and let me know what exact file is being detected in the archive? This since even extracting these archive files doesn't yield any detections. Thanks!
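Posts 4, 5 and 6 above describe the Winlogon\Userinit value that Malwarebytes repairs when malware has replaced the stock userinit.exe entry with a look-alike file elsewhere. The following read-only PowerShell check is an added example, not code from the forum or from Malwarebytes: it reads the value, flags any entry that is not the System32 userinit.exe, and prints the SHA256 of each flagged file so it can be looked up (for instance on VirusTotal, as post 10 suggests) before anything is changed. The expected-value string is the Windows default; the script does not modify the registry.

```powershell
# Added example (not from the forum posts): audit the Winlogon Userinit value.
# Reading HKLM does not require an elevated prompt; nothing here writes to the registry.
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'System32\userinit.exe'

$userinit = (Get-ItemProperty -Path $key -Name 'Userinit').Userinit
Write-Host "Current Userinit value: $userinit"

# The value is a comma-separated list; the stock value is a single entry
# followed by a trailing comma, e.g. C:\Windows\system32\userinit.exe,
$entries = @($userinit -split ',' |
    ForEach-Object { $_.Trim().Trim('"') } |
    Where-Object { $_ -ne '' })

$suspicious = @()
foreach ($entry in $entries) {
    $full = [Environment]::ExpandEnvironmentVariables($entry)
    # A bare "userinit.exe" or any path outside System32 is not the default and
    # matches the pattern described in post 6 (same name, different location).
    if ($full -ine $expected) { $suspicious += $full }
}

if ($entries.Count -eq 1 -and $suspicious.Count -eq 0) {
    Write-Host "OK: Userinit points only at $expected"
} else {
    Write-Warning 'Userinit differs from the default. Entries to review:'
    foreach ($s in $suspicious) {
        if (Test-Path -LiteralPath $s) {
            $hash = (Get-FileHash -LiteralPath $s -Algorithm SHA256).Hash
        } else {
            $hash = 'file not found'
        }
        Write-Warning "  $s  (SHA256: $hash)"
    }
    # The stock value, for comparison after the flagged files have been reviewed.
    Write-Host "Default value: `"$expected,`""
}
```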