Posts posted by miekiemoes
-
Hi,
We will review and fix. Thx for reporting!
-
Yes, this is from our actual own blog: https://www.threatdown.com/blog/new-ransomhub-attack-uses-tdskiller-and-lazagne-disables-edr/
-
It's always good practice to digitally sign the files, but in general we should be ok here :)
-
Hi,
This has been fixed already.
Thanks for reporting!
-
Not every removal requires a reboot. :) So you should be ok in this case.
-
Hi,
Please see here:
Also, TDSSKiller isn't distributed anymore by Kaspersky either (discontinued).
-
Well, it's certainly interesting though, also since there were network issues there as well when running the repair tool + your previous Panda Cloud Cleaner scan displayed a problem with the pskmad.sys file driver, which in your case was probably located under your user profile rather than the drivers folder given it's the Panda Cloud Cleaner. So it also looks like not all components were running properly there.
Either way, let me know if problems still occur afterwards, because troubleshooting this now after all the changes and scans you made already is like searching for a needle in a haystack :)
-
Hi,
Either way, I couldn't reproduce the same problem when I scanned the Typhoon file with MB. It did show detection, but everything was behaving properly here.
In your case, it looks like a corruption has happened already given this statement: "During a scan, Malwarebytes detected "something" (Malware) but rendered it as "0". In the Quarantine window". This means it couldn't properly process everything as it should. Also given you had problems with Firefox loading (XPCom issues) and probably other issues with certain programs... this rather sounds like a temporarily corrupted user profile. You won't always notice this since most programs do run, but in a way, your user profile gets "locked", so it fails to write files/make changes to your user profile, hence why a lot of programs might act weird.
The cause of a temporarily corrupted user profile can be anything though: a failed Windows update, disk write errors, corrupted registry keys (related to your profile), etc.
In most cases, a simple reboot resolves this so the user profile gets "unlocked" again and programs act normally again.
As for the license display issue (since this isn't my expertise), I suggest you look here first: https://support.malwarebytes.com/hc/en-us/articles/360038523934-Find-my-Malwarebytes-license-key where you can also contact support below, so this will then be forwarded to the right team to help you.
-
Hi,
The FP will be fixed in the next database update, however, this shouldn't affect anything related to Firefox or Windows in general though. It looks like your MB install got corrupted before. Maybe another AV you have interfered with it?
Side note, I see you mentioned that you enabled the rootkit scan. This is disabled by default since it's resource intensive + our normal engine (without this being enabled) detects rootkits as well. This is a component to target mainly older rootkit variants that aren't being seen in the wild, hence why it's now disabled by default. Also, rootkits aren't that common at all nowadays. So that's why I suggest you leave this component disabled.
-
The detection name will be adjusted.
-
Thanks. We'll have a look and will get this fixed.
-
Hi,
Thanks for reporting. This is a false positive indeed and will get fixed.
-
Hi,
This has been fixed already and should be reflected in the next database update.
-
Hi,
Thanks for reporting. This is a false positive indeed and will get fixed.
-
Hi,
This is indeed a false positive by the additional machine learning engine we have implemented.
This will get fixed.
Thanks for reporting!
-
Hi,
"Version de pack de mise à jour: 1.0.87820"
Please make sure you update. We have 1.0.87824 in the meantime :)
-
Hi,
This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/
Thanks for reporting these, as this helps to fine-tune the engine, so these won't be detected in the future anymore.
This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.
-
Thanks for reporting. This is an FP indeed and will be fixed.
-
I can't reproduce detection on my end anymore though.
-
Hi,
This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/
Thanks for reporting these, as this helps to fine-tune the engine, so these won't be detected in the future anymore.
This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.
-
Hi,
This appears to be a vulnerable version. I'll adjust the detection name for this.
I suggest checking the main official site to see if there's an update to this, and getting the update. This is also because this file should be digitally signed by NekoNyan Ltd, and in this case, this file is not.
-
Since none of these are malware and just riskware, it's up to you what you want to keep.
-
Thx. The Uninstall.exe looks fine, so this will be fixed.
-
As I said above, these "game" files that are being detected are valid detections. They are not malicious but part of Koaloader: https://github.com/acidicoala/Koaloader - It's basically a game hack and not part of the actual game.
Just zip and attach the file: D:\GAMES\DEADLINK\UNINSTALL.EXE here.
False positive or not
in File Detections
Posted
Hi,
We don't detect this and shouldn't since this file is not malicious. It's from here: http://www.bk-software.de/