shadowwar

Note. In some instances this may be still detected. The file is ok and will need to be added to exclusions if still detected.

Correct. Nothing to be concerned with.

Thanks. This should no longer be detected.

Well we recommend all devs exclude their working folder. Partial code and objects can trip up anomaly detection as its not common for a normal user to have those on their system. You can send me the mbamservice.log and i might be able to analyze it from there. Its located here: C:\ProgramData\Malwarebytes\MBAMService\logs If you would like you can zip up some of the files detected and private message me with them and i can look at what is going on.

Can you please attach the nortonsecurity.exe zipped here so i can fix this? Or can you also attach the mbamservice.log located here: C:\ProgramData\Malwarebytes\MBAMService\logs

You should be ok to reply now.

I am bringing this to attention to the mods. Can you maybe pm me the response if you want?

The anomaly detection system is a self learning system. When it runs across a file it doesnt know if tests it and if it turns out not to be malware then it whitelists it. So FPS are less then in this instance and not a detection missed issue. The system has learned a lot in the past year along with other improvements code wise. If you still have files that are fps please attach them here and we can analyze them and expedite the whitelisting as sometimes the system can take up to 24 hours to adjust. So fps have gotten less over the past year is what you are running into thus less fp detections. Detection of malware has greatly improved. We recommend always excluding your working directory. The reason being is non code ready files can look anomalous to the engine as they are not a complete file and would never been seen in the wild otherwise. What version are you talking about for custom scans? 3 or mbam 4 beta?

If its just a bmp resource and no other code then it will definitely trip as that is an anomalous file. Malware often uses the bmp resource trick to hide code and dump it from the resource. I recommend excluding your working directory till the file is code complete then see if we detect. I have forwarded your information onto the people in charge of this.

So quick question for clarifcation with the devs. Is all you are doing is adding a bmp resource with no other code or does other code exist also in the file?

Can you zip and attach this file? or provide the md5 of it? Its not in the logs you attached. C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe

ok transferring this to exploit protection

Can you please run an update of your application with mbam running and then please provide this file so we can analyze what may be blocking? C:\ProgramData\Malwarebytes\MBAMService\logs\mbamservice.log Thanks This May have been automatically fixed yesterday possibly. But without the service log for me to see what is triggering i cant be sure.

This is a dridex infection. We are in process of updating defs for it right now. Should be out in an hour or two at the most. The new mbam beta 4 does detect this already. I was able to remove this manually by: running a command prompt. open taskmanager and kill explorer.exe then from command prompt type del C:\Users\User\AppData\Roaming\YXLbnz\*.* (or whatever path is changed to now) then in command prompt type explorer.exe Close command prompt.

not 100% but you can scan a file at virustotal.com and see how many av's detect.