siliconman01

https://www.malwarebytes.com/support/releasehistory/

I am able to Quarantine/Remove it without any adverse affects on the Network of the computer where it was residing. Thanks for the feedback.

CNICDriver.sys is being detected as a PUP.Optional.DrivetheLife malware as of this morning. Is this a false positive? Nine(9) of the security firms on VirusTotal are reporting it; however, the biggies are not reporting it. CNICDriver.txt CNICDriver.zip

exile360, thanks much for your feedback and guidance. I do use HostsMan v4.7.105 and have it set to overwrite the entire HOSTS file on update...which I manually control. I just wanted to let the MB techs know that the HOSTS file seems to be managed by MB differently than how they think it is. ?

There's one BIG problem with that, however. Malwarebytes does NOT just remove the one item that was flagged. It quarantines the entire HOSTS file. UGH!

Nope, that's not the way it works. To test this, I did the following: 1. I arranged the HOSTS file in single line entries....1 entry per line. 2. I ran a Normal Scan. It detected 80 entries as Hijack.Hosts because of ipm-provider.ff.avast.com. See the attached .txt named NormalScan. I unchecked these entries and told Malwarebytes to "ignore once". 3. I then ran a Custom Scan on my C/D drive with "check for rootkits selected. It detected 1 entry as Hijack.Hosts because of ipm-provider.ff.avast.com. See the attached .txt named CustomScanCDwithRootkits. I unchecked this one entry and told Malwarebytes to "exclude always". 4. Malwarebytes appears to have excluded the entire HOSTS file. See the pic "Exclusions". Therefore, there is no way to exclude a single entry in the HOSTS file. In addition, Malwarebytes has a bug in how it scans the HOSTS file during a Normal Scan. CustomScanCDwithRootkits.txt NormalScan.txt

Yes, removing ipm-provider.ff.avast.com does permit Malwarebytes to scan clean and not flag the HOSTS file. HOWEVER, I agree with exile360 that this entry is a valid block entry for the HOSTS file. I also use CCleaner and do not it to add anything associated with Avast Security to my systems...now or ever.

I use the Steven Black Unified Hosts file as shown in the attached pic. If I remove the following AVAST entries from this HOSTS file, Malwarebytes scans clean. avast-downloads.com get-avast.com www.avast-downloads.com www.get-avast.com ipm-provider.ff.avast.com Note that MB does detect www.avast-downloads.com and avast-downloads.com as fraudulent websites. If I attempt to open the other 3, they appear as inaccessible. I suggest that finding the word AVAST in a HOSTS file entry does not constitute Malwarebytes calling the HOSTS file hijacked. There are entries showing the words Norton, Symantec, Bitdefender, and even Malwarebytes in my HOSTS file and they pass the MB scanner okay.

A normal scan yields the same false positives. FalsePositive.txt

When running a Custom Scan (with rootkits), MB reports the &Windows%\System32\drivers\etc\HOSTS file as Hijack.Host. HOSTS.zip ScanLog.txt

Component package 1.0.421 seemed to be sneaked out with no fanfare ? It did fix the inability to activate ransomware protection on my gaming system with Windows 10x64 Pro Build 17134.228. Plus have had no incidents of BSODs

Yes, I am running ExpressVPN during snapping the above pic. My actual IP address location is quite a distance from where ExpressVPN has "relocated" me. The IP Lookup Page link does demonstrate that ExpressVPN is properly working. The IP addresses are different.

Thanks much for the info. I will definitely look into using XTU.

Not doing any undervolting on my CPU. I'll read up on that because I am not familiar with that tactic. Thanks for the tip. I use an ASUS ROG Maximus VIII Extreme motherboard. The BIOS settings can be a bit difficult to understand unless the user is a computer tech whiz....which I am definitely not. Yes, I am doing a Custom Scan. A threat scan only takes about 1 min 7 sec.

Well, some of my heating issue is centered around overclocking. I am using an i7-6700k CPU overclocked to 4.6 mhz with a water cooler on the CPU. And I have 64 gigabytes RAM which provides all sorts of room for things to execute without shuffling. When I do a manual scan (including rootkit) with MB 3.5.1, it scans roughly 336,000 items in 11 min, 7 sec. I also get a 2-2.5 minute "pause/delay" when it reaches the end of the C:\Windows\Winsxs folder. After the delay period, it takes off again within the Users folder and completes the scan after performing the heuristic scan. (I haven't been able to determine what MB is doing during this delay but the CPU power drops off significantly during that period.) With the air cooler heat sink on the SS 970 Pro, it maxes out at 46-47C. Following the scan, it cools back down to an idle temp of 36-38C. My personal preference/experience is that keeping components cooler prolongs the life span and also improves system performance. For example, I see a 2-3% performance improvement by using MSIAfterburner to control the fan on my overclocked Nvidia GeForce 980 Titan graphics card. Of course one could easily argue that "overclocking" and "prolongs the life span" is a counter intuitive statement.