Everything posted by shadowwar

  1. Note. In some instances this may be still detected. The file is ok and will need to be added to exclusions if still detected.
  2. Correct. Nothing to be concerned with.
  3. Thanks. This should no longer be detected.
  4. Well, we recommend all devs exclude their working folder. Partial code and objects can trip up anomaly detection as it's not common for a normal user to have those on their system. You can send me the mbamservice.log and I might be able to analyze it from there. It's located here: C:\ProgramData\Malwarebytes\MBAMService\logs If you would like, you can zip up some of the files detected and private message me with them and I can look at what is going on.
  5. Can you please attach the nortonsecurity.exe zipped here so I can fix this? Or can you also attach the mbamservice.log located here: C:\ProgramData\Malwarebytes\MBAMService\logs
  6. I am bringing this to the attention of the mods. Can you maybe PM me the response if you want?
  7. The anomaly detection system is a self learning system. When it runs across a file it doesn't know, it tests it and if it turns out not to be malware then it whitelists it. So FPs are less then in this instance and not a detection missed issue. The system has learned a lot in the past year along with other improvements code wise. If you still have files that are FPs please attach them here and we can analyze them and expedite the whitelisting as sometimes the system can take up to 24 hours to adjust. So FPs have gotten less over the past year is what you are running into, thus less FP detections. Detection of malware has greatly improved. We recommend always excluding your working directory. The reason being is non code ready files can look anomalous to the engine as they are not a complete file and would never be seen in the wild otherwise. What version are you talking about for custom scans? 3 or mbam 4 beta?
  8. If it's just a bmp resource and no other code then it will definitely trip as that is an anomalous file. Malware often uses the bmp resource trick to hide code and dump it from the resource. I recommend excluding your working directory till the file is code complete then see if we detect. I have forwarded your information onto the people in charge of this.
  9. So quick question for clarification with the devs. Is all you are doing is adding a bmp resource with no other code or does other code exist also in the file?
  10. Can you zip and attach this file? Or provide the md5 of it? It's not in the logs you attached. C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
  11. OK, transferring this to exploit protection.
  12. Can you please run an update of your application with mbam running and then please provide this file so we can analyze what may be blocking? C:\ProgramData\Malwarebytes\MBAMService\logs\mbamservice.log Thanks. This may have been automatically fixed yesterday possibly. But without the service log for me to see what is triggering I can't be sure.
  13. This is a Dridex infection. We are in process of updating defs for it right now. Should be out in an hour or two at the most. The new mbam beta 4 does detect this already. I was able to remove this manually by: running a command prompt. Open Task Manager and kill explorer.exe, then from the command prompt type del C:\Users\User\AppData\Roaming\YXLbnz\*.* (or whatever path is changed to now), then in the command prompt type explorer.exe. Close the command prompt.
  14. Not 100% but you can scan a file at virustotal.com and see how many AVs detect.
  15. It's not an FP. It's just as it's stated. It's riskware. It's a keygen to crack a piece of software. Sometimes they are seen with malware so use at your own risk.
  16. This will be fixed next update. Probably a few hours from this post. Thanks for reporting.
  17. This should be fixed now. In the future if you could please include a scan log or what it was detected as it helps in getting this fixed quicker. Thanks.
  18. This should no longer be detected.
  19. This shouldn't be detected anymore. It was fixed a bit ago.
  20. It's not detected locally here. It should have been within 10 mins of my last post. Maybe shut down Malwarebytes and restart it and see if it's still detected. If you do change it, it would have to be whitelisted again for now. You can save some time though by uploading it to virustotal.com as our cloud would get a copy and learn whether it's malware or not. I can't get into specifics but basically it looks for file anomalies similar to what malware does. Files not signed. Weird version info. Empty sections or packed. Etc. If the file was valid digital signed it goes a long way to preventing FPs.
  21. The name should not make a difference. It may have learned it's an FP already. Try naming it back and see.