shadowwar

This should no longer be detected.

This shouldn't be detected anymore. IT was fixed a bit ago.

The above has been fixed.

Its not detected locally here. It should of been within 10 mins of my last post. Maybe shutdown Malwarebytes and restart it and see if its still detected. If you do change it it would have to be whitelisted again for now. You can save some time though by uploading it to virustotal.com as our cloud would get a copy and learn whether its malware or not. I cant get into specifics but basically it looks for file anomalies similiar to what malware does. Files not signed. Weird version info. Empty sections or packed. etc. If the file was valid digital signed it goes a long way to preventing fps.

This should no longer be detected. Thanks for reporting,.

The name should not make a difference. It may have learned its a fp already. Try naming it back and see.

Impossible to say without the file or virustotal Link. Something is not common with the file.

I made the MBAE team aware and they are looking into it. TY.

This is globeimposter 2.0 ransomware. There is no known decryptor at this time. Going to the site you linked this script is legit. It doesn't do the encryption. Did you download from anywhere else near the same time?

This was confirmed a fp and should be fixed now.

moving this to webblocking.

This may be fixed now but would like the other information i requested. Thanks!

Can you please click save results on that screen and paste he log here. I need the full path of the second file detected.

Please post the virustotal links when they are done processing. Can you also export the reports and copy and paste them here. It shows more information then the screenshot does. Thanks!

The link seems to be dead for the website that you provided.