Jump to content

shadowwar

Staff
  • Content Count

    8,437
  • Joined

  • Last visited

Everything posted by shadowwar

  1. This shouldn't be detected anymore. IT was fixed a bit ago.
  2. Its not detected locally here. It should of been within 10 mins of my last post. Maybe shutdown Malwarebytes and restart it and see if its still detected. If you do change it it would have to be whitelisted again for now. You can save some time though by uploading it to virustotal.com as our cloud would get a copy and learn whether its malware or not. I cant get into specifics but basically it looks for file anomalies similiar to what malware does. Files not signed. Weird version info. Empty sections or packed. etc. If the file was valid digital signed it goes a long way to preventing fps.
  3. The name should not make a difference. It may have learned its a fp already. Try naming it back and see.
  4. Impossible to say without the file or virustotal Link. Something is not common with the file.
  5. shadowwar

    VLC update

    I made the MBAE team aware and they are looking into it. TY.
  6. This is globeimposter 2.0 ransomware. There is no known decryptor at this time. Going to the site you linked this script is legit. It doesn't do the encryption. Did you download from anywhere else near the same time?
  7. shadowwar

    VLC update

    This was confirmed a fp and should be fixed now.
  8. This may be fixed now but would like the other information i requested. Thanks!
  9. Can you please click save results on that screen and paste he log here. I need the full path of the second file detected.
  10. Please post the virustotal links when they are done processing. Can you also export the reports and copy and paste them here. It shows more information then the screenshot does. Thanks!
  11. The link seems to be dead for the website that you provided.
  12. This was fixed now. I can only say the following would help with it not being detected. Properly filled out version information on the file. Digitally signing the file. Basically the system looks for anomalous items in the file and computes a score. The less the file looks like all the other autoit malware out there then the less chance of it being detected. Doing the above would definitely help. There are 5 other av's currently detecting it according to virustotal just for your information.
  13. I recommend visiting our malware removal subforum to have your system checked to see if something you have is being missed.
  14. This is fixed in the cloud so the effect is a few minutes. You can see here for some explanations.
  15. Did you reboot after the detections and removal?
  16. Please see here: I recommend excluding your working directory from malwarebytes. When your project is done if its still detected outside your working directory please let us know.
  17. This was fixed on march 6th. It should no longer be detected.
  18. This is a different problem then above. I split your thread to the website blocking subforum as that is what occurring and not a malware detection.
  19. Its means the file has some non standard structures that is often seen in malware. Doesnt necessarily mean its 100% malware. Could you zip and attach the file here so we can check it? Thanks.
  20. Thanks for reporting. This is a false positive and should no longer be detected.
  21. You can shut it off or exclude your working directory. If you go to settings/protection/scan options/ use signature-less anomaly detection.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.