kstev99

Honorary Members
  • Posts

    36

Everything posted by kstev99

  1. Latest version of Symenu (8.00.8738) that auto updated today was detected as MachineLearning/Anomalous.100%. Checked the file (Symenu.dll) on VirusTotal and it is only flagged by Malwarebytes. SyMenu.rar
  2. Shouldn't have to perform any of these steps if Malwarebytes would stop flagging perfectly safe programs. How is this a valid PUP detection? I have already added it to exclusions and unchecked the items before they were quarantined. I was only reporting it so that you may want to check your definitions of a PUP.
  3. Popular PC tuning software being flagged as PUP by Malwarebytes on two of my computers. This happened long ago (2019) and fixed, but it is back.....
     Malwarebytes
     www.malwarebytes.com
     -Log Details-
     Scan Date: 1/21/23
     Scan Time: 5:09 PM
     Log File: b247171c-99e0-11ed-beb7-d8bbc14b9bc2.json
     -Software Information-
     Version: 4.5.21.231
     Components Version: 1.0.1888
     Update Package Version: 1.0.64861
     License: Premium
     -System Information-
     OS: Windows 11 (Build 22623.1180)
     CPU: x64
     File System: NTFS
     User: MSI-Kenny\Kenny
     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 348499
     Threats Detected: 10
     Threats Quarantined: 0
     Time Elapsed: 1 min, 56 sec
     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect
     -Scan Details-
     Process: 1
     PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, , , , , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
     Module: 1
     PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, , , , , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
     Registry Key: 3
     PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Kerish Doctor, No Action By User, 16282, 1116063, , , , , ,
     PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{644A26D1-AF01-4565-9FCD-558206F5EF8F}, No Action By User, 16282, 1116063, , , , , ,
     PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{644A26D1-AF01-4565-9FCD-558206F5EF8F}, No Action By User, 16282, 1116063, , , , , ,
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 5
     PUP.Optional.KerishDoctor, C:\WINDOWS\SYSTEM32\TASKS\Kerish Doctor, No Action By User, 16282, 1116063, , , , , 6333A1ED3E330D21CC4EA69200D0741B, B371F1AB14605B8104FE74E64325611232C0D75AF38447C3F2DD6E5D2E6EFE7B
     PUP.Optional.KerishDoctor, C:\USERS\KSTEV\DESKTOP\Installed\Kerish Doctor 2022.lnk, No Action By User, 16282, 1116063, , , , , 51D0FB069EFB68526F70CE0E6143D86C, 0F83B4CAC404ECEBAA18C35F622F97978E2EB3714758EAF0CD42B437A7953176
     PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
     PUP.Optional.KerishDoctor, C:\PROGRAMDATA\KERISH PRODUCTS\KERISH DOCTOR\BINARY\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
     PUP.Optional.KerishDoctor, C:\PROGRAMDATA\KERISH PRODUCTS\KERISH DOCTOR\UPDATE\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)
     (end)
  4. I started getting notices once or twice a day that an outbound connection from Firefox to forum.iamnotageek.com was blocked by Malwarebytes. First I am wondering why in the world Firefox would randomly try to connect to that site. I have been to it years ago, but haven't been recently although I probably do have it bookmarked. Second: I tried manually navigating to forum.iamnotageek.com and it is indeed blocked. Is it a FP or is the site really compromised?
     -Log Details-
     Protection Event Date: 7/12/22
     Protection Event Time: 12:35 AM
     Log File: 6b83eaf0-01a4-11ed-9d4c-d8bbc14b9bc2.json
     -Software Information-
     Version: 4.5.11.202
     Components Version: 1.0.1716
     Update Package Version: 1.0.57123
     License: Premium
     -System Information-
     OS: Windows 11 (Build 22622.290)
     CPU: x64
     File System: NTFS
     User: System
     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
     -Website Data-
     Category: Malware
     Domain:
     IP Address: 192.227.143.36
     Port: 80
     Type: Outbound
     File: C:\Program Files\Mozilla Firefox\firefox.exe
     (end)
  5. This is the PORTABLE version of Librewolf
  6. Strange that it was detected as Ransomware. I rebooted, restored the file from Quarantine and ran a scan on it (JUST the File, then the folder). Both CLEAN. But I did a Full scan and it was detected again. Virus Total shows nothing as well, why does it keep getting flagged? Librewolf.zip
  7. It's been a while since I've addressed this issue, but was wondering if there are any fixes yet to Malwarebytes breaking Windscribe VPN Split tunneling. From my understanding PIA VPN has the same problem when Web Protection filter is enabled. I've been a Malwarebytes user for many many years but I am considering going back to Defender if this issue isn't even being addressed by the developers. I put in a support ticket on Windscribe and it was determined that the problem was definitely with Malwarebytes. Could there be any exclusions or workarounds for this issue?? When I addressed this issue previously on this forum, and sent the logs it was suggested that my (gaming) computer was very complex and would take a long time to analyze. I have since a new computer Win10 I-7 11700k. Malwarebytes and Windscribe were two of the FIRST programs installed. The problem still existed on a new setup.
  8. Go ahead and close this topic I guess. My computer doesn't really need "Cleaned Up" so to speak. It is Virus / Malware free and everything runs like a finely oiled machine, Steam Games, Graphics Editing Programs etc. EXCEPT for MBAM and one of the three VPN's that I use. Thanks for your help.
  9. I was already using the Beta 4.3.098 but I updated the definitions to 1.0.39024 and rebooted. Still no VPN if split tunneling is enabled and Web Protection is on. If I try Normal Mode VPN without split tunneling the VPN works fine. It also works fine WITH split tunneling if I disable MBAM Web Protection. I also use mostly a different VPN program (ProtonVPN) that works fine with split tunneling enabled and it has no problem with MalwareBytes. Maybe I'll just not use the Windscribe except on occasion. I just saw the board that there was a similar problem with PIA, and thought you may have an idea.
  10. Here are the Farbar Logs. My Internet connection is not very fast (3-5mbps) Perhaps that is why the other failed. I could try regenerating the MBAM logs and sending if you need them. Thanks for your help! Addition.txt FRST.txt
  11. Here are some Logs. I enabled "Enhanced Event Log Data" in settings for the purpose of gathering logs. I have since disabled that option. I tried to connect Windscribe while Web Protection was Enabled just seconds before generating the logs. It was unsuccessful, although it says "Connected" The IP address stays the same as my ISP. mbst-grab-results.zip mbst-grab-results.zip
  12. Thank you. I am having this exact same problem with WINDSCRIBE 2.0 VPN. Using MalwareBytes Version 4.3.098 1.02.1249 on Windows 10. I have tried all of the steps above Except the packet size. There is only "Auto" "AutoDetect" (1496) or a choice to enter your own packet size. The only way Split Tunneling will work is to Disable Web Protection. I just spent 3 days with Windscribe support to determine that MBAM was the problem. Are there no Exceptions that I can add to make this work?
  13. Thanks! I'll just add it to exclusions.
  14. This was detected as a Trojan Keylogger. It was installed with a game trainer, to use with games. From the cheathappens site: https://www.cheathappens.com/virus_warning.asp Specific Virus Warnings HotKeysHook.dll This file is a part of the TRAINER MAKER KIT, an older, but popular program used to create trainers. This file has been around for many, many years and somewhere along the way it got labeled as a trojan keylogger. THIS IS A FALSE READING. Many popular antivirus applications have removed this false positive from their signatures, but some still carry it. This file IS NOT A TROJAN KEYLOGGER and is completely safe. It simply listens for keys to be pressed inside the game so it can activate the options from the trainer. Can this file be trusted?
  15. Malwarebytes
      www.malwarebytes.com
      -Log Details-
      Protection Event Date: 8/2/18
      Protection Event Time: 11:18 PM
      Log File: 51469d66-96d4-11e8-925e-1c872c6044b0.json
      Administrator: Yes
      -Software Information-
      Version: 3.5.1.2522
      Components Version: 1.0.391
      Update Package Version: 1.0.6179
      License: Premium
      -System Information-
      OS: Windows 10 (Build 17134.165)
      CPU: x64
      File System: NTFS
      User: System
      -Blocked Website Details-
      Malicious Website: 1
      , , Blocked, [-1], [-1],0.0.0
      -Website Data-
      Category: RiskWare
      Domain: api2.poperblocker.com
      IP Address: 52.202.186.208
      Port: [62705]
      Type: Outbound
      File: C:\Program Files\Firefox Nightly\firefox.exe
      (end)
  16. Strangely after re-booting it is no longer being identified as ransomware. When the ransomware was flagged, my steam client was downloading a large update. Not sure if that could be related or not, but it seems ok now. I have tried attaching the file as both a ZIP and RAR file, size around 10MB, but after the uploading progress bar reaches 100% I get an error every time that reads: There was a problem processing the uploaded file. -200
  17. This morning MBAM removed nexus.exe from my system. When I searched I found that the same thing happened to nexus.exe back in April 2017. It's Back!!
      -Log Details-
      Protection Event Date: 7/28/18
      Protection Event Time: 10:52 AM
      Log File: 2b7892e2-927e-11e8-afd2-1c872c6044b0.json
      Administrator: Yes
      -Software Information-
      Version: 3.5.1.2522
      Components Version: 1.0.391
      Update Package Version: 1.0.6105
      License: Premium
      -System Information-
      OS: Windows 10 (Build 17134.165)
      CPU: x64
      File System: NTFS
      User: System
      -Ransomware Details-
      File: 1
      Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Winstep\nexus.exe, No Action By User, [0], [392685],0.0.0
  18. I am having the same problem. Tried closing down MBAM and restarting. Still says I am out of date, but clicking updates does nothing. I see someone else repeated this post, so the problem is apparently on Malwarebytes end and not the user.
  19. I've been getting these errors since installing several days ago. Not so much on startup but almost hourly throughout the entire day. I have uninstalled and reinstalled, tried the other fixes on this forum. No Luck. Otherwise a great update, but the warning messages are getting to be rather annoying.
  20. Installed perfectly, I did a threat scan. Very Very Fast !!! However some PUP items were discovered in the registry and the scan results screen truncates the long registry address. What is needed is a right click context menu item to actually GO TO the registry location yourself to investigate, or to go to containing folder containing a suspicious file. It is very hard to determine exactly what the threat is without being able to see its location on the screen.
  21. While I do realize the importance of stopping ransomware immediately, it would be nice, especially during this beta testing, if rather than just quarantining a program, a dialogue box would alert you that this program is about to be quarantined and give user an option to add/report as a False Positive and skip quarantine. Perhaps this could be timed where if there is no response from the user within xxx min/sec the quarantine continues. There seems to currently be a lot of FP's. I'm sure that will improve with time, however I have chosen to uninstall the beta, as I could not imagine the horror of having to re-install a program like Microsoft Office and its 2 years of security updates. I intended to post this in the "Ideas for Malwarebytes Anti-Ransomware Beta" Forum