tetonbob

Both files were caught by the same false positive which has now been fixed. Database v1.0.7438 or newer Thanks for your reports and your patience!

Hello. This has been confirmed by our Research team that is indeed a false positive and will be fixed in the next database update. See:

Hi @SteveDOB1961- thanks for the log. This was indeed a false positive, and the file should no longer be detected.

Thanks, spurkza. I've forwarded this information to our developers. We'll investigate.

Thanks for the update. Let us know if the bad behavior continues or if it has been resolved with your latest.

Hi @SteveDOB1961- Can you either attach the actual file as requested by @shadowwar or alternatively, attach this entire log? C:\ProgramData\Malwarebytes\MBAMService\ArwDetections\5a84102a-d0ae-11e8-a55a-001fc6396638.json

In addition to the good advice from plb4333, the logs indicate your BFE (Base Filtering Engine) service is stopped, and also disabled in MSCONFIG. BFE is critical to Windows Firewall, as well as third party firewalls, and also Malwarebytes Web Protection. Please re-enable BFE in MSCONFIG, restart the machine, and see if that helps.

Hi spurkza - thanks for the update. Please do keep me informed as you monitor over the next few days. For what it's worth, I tried replicating the issue locally, with SpyShelter, ZoneAlarm and Malwarebytes, upgrading from 3.5.1 to 3.6.1, and so far have been unable to. Kind regards, Bob

Thanks, @spurkza

Hi @spurkza - Can you upload the zipped memory dump to wetransfer.com and use the "send as link" option from Add your files > settings Once uploaded, can you send the link to me via Private Message please? Also, the FRST logs captured by the Malwarebytes Support tool seem incomplete. Would you mind running it separately and attaching those logs to a reply here? Create and obtain Farbar Recovery Scan Tool (FRST) logs Download FRST and save it to your desktop Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run FRST and when the tool opens click "Yes" to the disclaimer Press the "Scan" button This will product two files in the same location (directory) as FRST: FRST.txt and Addition.txt

Great, thanks. This version is already whitelisted. If you want to be proactive you can exclude the NexusClient.exe as a File Exclusion, and only as a Ransomware exclusion if you like. Detailed instructions are available here: https://support.malwarebytes.com/docs/DOC-1130

Thanks for your report. That particular version should no longer be detected. Can you also attach (or scan at VirusTotal and provide the link to the scan page) the new version of NexusClient.exe you have?

Hi @BeneathThePlass - Can you attach the log located here, please? C:\ProgramData\Malwarebytes\MBAMService\ArwDetections\782346c2-c40c-11e8-934a-00ff1f04c180.json Also attach the log at C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMService.log Thanks!

Thank you, Iain. We'll get this to Dev ASAP.

@TempLost - you can use Filemail to send the large archive https://www.filemail.com/ Choose the 'Send as link' function. Once your file is uploaded, you'll be presented with a screen with the link. Please PM that link to @dcollins or me. Thanks!