
kstev99

Honorary Members
  • Posts

    36

Posts posted by kstev99

  1. Shouldn't have to perform any of these steps if Malwarebytes would stop flagging perfectly safe programs.  How is this a valid PUP detection?  I have already added it to exclusions and unchecked the items before they were quarantined.  I was only reporting it so that you may want to check your definitions of a PUP.

  2. Popular PC tuning software being flagged as PUP by Malwarebytes on two of my computers.

    This happened long ago (2019) and was fixed, but it is back.....

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/21/23
    Scan Time: 5:09 PM
    Log File: b247171c-99e0-11ed-beb7-d8bbc14b9bc2.json

    -Software Information-
    Version: 4.5.21.231
    Components Version: 1.0.1888
    Update Package Version: 1.0.64861
    License: Premium

    -System Information-
    OS: Windows 11 (Build 22623.1180)
    CPU: x64
    File System: NTFS
    User: MSI-Kenny\Kenny

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 348499
    Threats Detected: 10
    Threats Quarantined: 0
    Time Elapsed: 1 min, 56 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 1
    PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, , , , , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76

    Module: 1
    PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, , , , , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76

    Registry Key: 3
    PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Kerish Doctor, No Action By User, 16282, 1116063, , , , , ,
    PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{644A26D1-AF01-4565-9FCD-558206F5EF8F}, No Action By User, 16282, 1116063, , , , , ,
    PUP.Optional.KerishDoctor, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{644A26D1-AF01-4565-9FCD-558206F5EF8F}, No Action By User, 16282, 1116063, , , , , ,

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 5
    PUP.Optional.KerishDoctor, C:\WINDOWS\SYSTEM32\TASKS\Kerish Doctor, No Action By User, 16282, 1116063, , , , , 6333A1ED3E330D21CC4EA69200D0741B, B371F1AB14605B8104FE74E64325611232C0D75AF38447C3F2DD6E5D2E6EFE7B
    PUP.Optional.KerishDoctor, C:\USERS\KSTEV\DESKTOP\Installed\Kerish Doctor 2022.lnk, No Action By User, 16282, 1116063, , , , , 51D0FB069EFB68526F70CE0E6143D86C, 0F83B4CAC404ECEBAA18C35F622F97978E2EB3714758EAF0CD42B437A7953176
    PUP.Optional.KerishDoctor, C:\PROGRAM FILES (X86)\KERISH DOCTOR\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
    PUP.Optional.KerishDoctor, C:\PROGRAMDATA\KERISH PRODUCTS\KERISH DOCTOR\BINARY\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76
    PUP.Optional.KerishDoctor, C:\PROGRAMDATA\KERISH PRODUCTS\KERISH DOCTOR\UPDATE\KERISHDOCTOR.EXE, No Action By User, 16282, 1116063, 1.0.64861, , ame, , 1EEBEA97DF3185B54E9E408FB7460183, 85633FC1548ADEFFA685DEE65B09D5409BC857CEA55E9DA4012F4740F028AF76

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  3. I started getting notices once or twice a day that an outbound connection from Firefox to forum.iamnotageek.com was blocked by Malwarebytes.

    First I am wondering why in the world Firefox would randomly try to connect to that site.  I have been to it years ago, but haven't been recently although I probably do have it bookmarked.

    Second: I tried manually navigating to forum.iamnotageek.com and it is indeed blocked.  Is it a FP or is the site really compromised?

     

     

    -Log Details-
    Protection Event Date: 7/12/22
    Protection Event Time: 12:35 AM
    Log File: 6b83eaf0-01a4-11ed-9d4c-d8bbc14b9bc2.json

    -Software Information-
    Version: 4.5.11.202
    Components Version: 1.0.1716
    Update Package Version: 1.0.57123
    License: Premium

    -System Information-
    OS: Windows 11 (Build 22622.290)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: Malware
    Domain:
    IP Address: 192.227.143.36
    Port: 80
    Type: Outbound
    File: C:\Program Files\Mozilla Firefox\firefox.exe

     

    (end)

  4. It's been a while since I've addressed this issue, but I was wondering if there are any fixes yet to Malwarebytes breaking Windscribe VPN split tunneling.  From my understanding PIA VPN has the same problem when the Web Protection filter is enabled.  I've been a Malwarebytes user for many many years but I am considering going back to Defender if this issue isn't even being addressed by the developers.  I put in a support ticket on Windscribe and it was determined that the problem was definitely with Malwarebytes.  Could there be any exclusions or workarounds for this issue?  When I addressed this issue previously on this forum and sent the logs, it was suggested that my (gaming) computer was very complex and would take a long time to analyze.  I have since gotten a new computer, Win10, i7-11700K.  Malwarebytes and Windscribe were two of the FIRST programs installed.  The problem still existed on a new setup.

  5. I was already using the Beta  4.3.098 but I updated the definitions to 1.0.39024 and rebooted.  Still no VPN if split tunneling is enabled and Web Protection is on.  If I try Normal Mode VPN without split tunneling the VPN works fine.  It also works fine WITH split tunneling if I disable MBAM Web Protection.   I also use mostly a different VPN program (ProtonVPN) that works fine with split tunneling enabled and it has no problem with MalwareBytes.  Maybe I'll just not use the Windscribe except on occasion.  I just saw the board that there was a similar problem with PIA, and thought you may have an idea.

  6. On 3/19/2021 at 11:52 AM, AdvancedSetup said:

    It's Important to remember that we strive to provide as much compatibility as possible whenever the 3rd party allows it, sometimes these third parties don't have compatibility in mind (we do all the time).

    We do not use  (have never used) blocking other security products as part of any strategy

     

    Here is a possible workaround

    Switch Private Internet Access from OpenVPN to WireGuard and enable option “Use small packets”

    • Update PIA to the latest version v2.7.1+
    • Turn VPN off
    • Switch from OpenVPN to WireGuard
    • Enable "Use small packets"
    • Turn VPN on
    • Restart browser

     


     

     

     

    Thank you

    I am having this exact same problem with WINDSCRIBE 2.0 VPN. Using MalwareBytes Version 4.3.098 1.02.1249 on Windows 10.  I have tried all of the steps above except the packet size.  There is only "Auto", "AutoDetect" (1496) or a choice to enter your own packet size.  The only way Split Tunneling will work is to disable Web Protection.  I just spent 3 days with Windscribe support to determine that MBAM was the problem.  Are there no Exceptions that I can add to make this work?

     

     

  7. This was detected as a Trojan Keylogger.  It was installed with a game trainer, to use with games.  From the cheathappens site:

    https://www.cheathappens.com/virus_warning.asp

    Specific Virus Warnings

    HotKeysHook.dll
    This file is a part of the TRAINER MAKER KIT, an older, but popular program used to create trainers. This file has been around for many, many years and somewhere along the way it got labeled as a trojan keylogger. THIS IS A FALSE READING. Many popular antivirus applications have removed this false positive from their signatures, but some still carry it. This file IS NOT A TROJAN KEYLOGGER and is completely safe. It simply listens for keys to be pressed inside the game so it can activate the options from the trainer.

     

    Can this file be trusted?

  8. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 8/2/18
    Protection Event Time: 11:18 PM
    Log File: 51469d66-96d4-11e8-925e-1c872c6044b0.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.391
    Update Package Version: 1.0.6179
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17134.165)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Category: RiskWare
    Domain: api2.poperblocker.com
    IP Address: 52.202.186.208
    Port: [62705]
    Type: Outbound
    File: C:\Program Files\Firefox Nightly\firefox.exe

     

    (end)

  9. Strangely after re-booting it is no longer being identified as ransomware.  When the ransomware was flagged, my steam client was downloading a large update.  Not sure if that could be related or not, but it seems ok now.

    I have tried attaching the file as both a ZIP and RAR file, size around 10MB, but after the uploading progress bar reaches 100% I get an error every time that reads:

    There was a problem processing the uploaded file. -200

     

  10. This morning MBAM removed nexus.exe from my system.  When I searched I found that the same thing happened to nexus.exe back in April 2017.  It's Back!!

    -Log Details-
    Protection Event Date: 7/28/18
    Protection Event Time: 10:52 AM
    Log File: 2b7892e2-927e-11e8-afd2-1c872c6044b0.json
    Administrator: Yes

    -Software Information-
    Version: 3.5.1.2522
    Components Version: 1.0.391
    Update Package Version: 1.0.6105
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17134.165)
    CPU: x64
    File System: NTFS
    User: System

    -Ransomware Details-
    File: 1
    Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Winstep\nexus.exe, No Action By User, [0], [392685],0.0.0

     

  11. Installed perfectly, I did a threat scan.  Very Very Fast !!!   However some PUP items were discovered in the registry and the scan results screen truncates the long registry address.  What is needed is a right click context menu item to actually GO TO the registry location yourself to investigate, or to go to the folder containing a suspicious file.  It is very hard to determine exactly what the threat is without being able to see its location on the screen.

     

  12. While I do realize the importance of stopping ransomware immediately, it would be nice, especially during this beta testing, if rather than just quarantining a program, a dialogue box would alert you that this program is about to be quarantined and give the user an option to add/report as a False Positive and skip quarantine. Perhaps this could be timed where if there is no response from the user within xxx min/sec the quarantine continues.  There seems to currently be a lot of FPs.  I'm sure that will improve with time, however I have chosen to uninstall the beta, as I could not imagine the horror of having to re-install a program like Microsoft Office and its 2 years of security updates.

    I intended to post this in the "Ideas for Malwarebytes Anti-Ransomware Beta" Forum
