hexaae

Honorary Members
  • Posts

    92
  • Days Won

    1

Everything posted by hexaae

  1. Fixed with 4.4.4: MBAM-4886: Formatting issues were found in the Italian version of the "Scan time" section. Malwarebytes for Windows 4.4.4 Release Notes – Malwarebytes Support Thank you.
  2. It's a Steam downloaded file (old SecuROM game), plus a few innocent byte modifications through a hex editor as explained in the guide. 100% false positive.
  3. Ok, thanks. Yes I have all security options ON, I'll keep it in mind, thank you.
  4. Malwarebytes www.malwarebytes.com
    -Dettagli log-
    Data evento di protezione: 07/07/21
    Ora evento di protezione: 11:38
    File di log: 280501ee-df07-11eb-864f-0c9d92a56fd0.json
    -Informazioni software-
    Versione: 4.4.2.123
    Versione componenti: 1.0.1358
    Aggiorna versione pacchetto: 1.0.42790
    Licenza: Premium
    -Informazioni sistema-
    SO: Windows 10 (Build 19043.1081)
    CPU: x64
    File system: NTFS
    Utente: System
    -Dettagli malware bloccati-
    File: 1
    Malware.Heuristic.1003, D:\Steam\steamapps\common\Arcania Gothic 4\Arcania.exe, Nessuna azione intrapresa, 1000001, 0, 1.0.42790, 0000000000000000000003EB, dds, 01322295, BE171DBF03F5A0B15AD7563CE79DEC39, 566F8383DF590B28E6E3D1F73548A72C09408A59C2F9E58B5A83EA1FC17A3B7C
    (end)
    Of course it is not malware. Just a patched (old) game EXE, as instructed by this guide on Steam: https://steamcommunity.com/sharedfiles/filedetails/?id=1709583781&tscn=1625626430
    Arcania.zip
  5. 4.4.2 update today. Typo is still there :(
  6. As you can see from the pic, something is broken for the elapsed time in the Italian strings...
  7. Every time I try to manually scan a compressed archive in ZIP, RAR, 7Z etc. formats I see the scan lasts just a moment and the report always says: Scanned files: 1 even though the archive contains many files... It looks like it's not working as expected even though I've set it to scan archives in the MB Settings. E.g. of a ZIP scan report:
    Malwarebytes www.malwarebytes.com
    -Dettagli log-
    Data scansione: 15/02/21
    Ora scansione: 22:01
    File di log: ecc2bd06-6fd0-11eb-a486-0c9d92a56fd0.json
    -Informazioni software-
    Versione: 4.3.0.98
    Versione componenti: 1.0.1157
    Aggiorna versione pacchetto: 1.0.37165
    Licenza: Premium
    -Informazioni sistema-
    SO: Windows 10 (Build 19041.804)
    CPU: x64
    File system: NTFS
    Utente: LAPTOP-DVK1QFAS\Luca
    -Riepilogo scansione-
    Tipo di scansione: Scansione personalizzata
    Scansione avviata da: Manuale
    Risultati: Completata
    Elementi analizzati: 1
    Minacce rilevate: 0
    Minacce messe in quarantena: 0
    Tempo impiegato: 0 min, 2 sec
    -Opzioni di scansione-
    Memoria: Disattivata
    Esecuzioni automatiche: Disattivata
    File system: Attivata
    Archivi compressi: Attivata
    Rootkit: Disattivata
    Analisi euristica: Attivata
    PUP: Rilevare
    PUM: Rilevare
    -Dettagli scansione-
    Processo: 0 (Nessun elemento nocivo rilevato)
    Modulo: 0 (Nessun elemento nocivo rilevato)
    Chiave di registro: 0 (Nessun elemento nocivo rilevato)
    Valore di registro: 0 (Nessun elemento nocivo rilevato)
    Dati di registro: 0 (Nessun elemento nocivo rilevato)
    Flusso di dati: 0 (Nessun elemento nocivo rilevato)
    Cartella: 0 (Nessun elemento nocivo rilevato)
    File: 0 (Nessun elemento nocivo rilevato)
    Settore fisico: 0 (Nessun elemento nocivo rilevato)
    WMI: 0 (Nessun elemento nocivo rilevato)
    (end)
  8. Even after the latest update, still many false positive GalaxyClient.exe connections to their CDN network. Some examples below:
  9. Confirmed. GalaxyClient.exe gets blocked again:
  10. hexaae

    rld.dll

    Adding here launcher + dll for a better analysis rld2.zip
  11. hexaae

    rld.dll

    rld.dll alternative unofficial file to make an old game with Securom on Steam finally work also on Windows 10 in 2020... Some segments of this DLL are probably compressed and obfuscated.
    Malwarebytes www.malwarebytes.com
    -Dettagli log-
    Data scansione: 29/12/20
    Ora scansione: 22:47
    File di log: 805f6f78-4a1f-11eb-a818-0c9d92a56fd0.json
    -Informazioni software-
    Versione: 4.3.0.98
    Versione componenti: 1.0.1130
    Aggiorna versione pacchetto: 1.0.34981
    Licenza: Premium
    -Informazioni sistema-
    SO: Windows 10 (Build 19041.685)
    CPU: x64
    File system: NTFS
    Utente: LAPTOP-DVK1QFAS\Luca
    -Riepilogo scansione-
    Tipo di scansione: Scansione personalizzata
    Scansione avviata da: Manuale
    Risultati: Completata
    Elementi analizzati: 1
    Minacce rilevate: 1
    Minacce messe in quarantena: 0
    Tempo impiegato: 0 min, 6 sec
    -Opzioni di scansione-
    Memoria: Disattivata
    Esecuzioni automatiche: Disattivata
    File system: Attivata
    Archivi compressi: Attivata
    Rootkit: Disattivata
    Analisi euristica: Attivata
    PUP: Rilevare
    PUM: Rilevare
    -Dettagli scansione-
    Processo: 0 (Nessun elemento nocivo rilevato)
    Modulo: 0 (Nessun elemento nocivo rilevato)
    Chiave di registro: 0 (Nessun elemento nocivo rilevato)
    Valore di registro: 0 (Nessun elemento nocivo rilevato)
    Dati di registro: 0 (Nessun elemento nocivo rilevato)
    Flusso di dati: 0 (Nessun elemento nocivo rilevato)
    Cartella: 0 (Nessun elemento nocivo rilevato)
    File: 1
    Malware.Heuristic.1001, C:\USERS\LUCA\DESKTOP\WIN32LIVE\RLD.DLL, Nessuna azione intrapresa, 1000001, 0, 1.0.34981, 0000000000000000000003E9, dds, 01049291, DCF43AACE0E64EC84E5243259A0982DD, B2E45CD6788C1F77AD7D91372F80ED9FB9D2552810D4DDD7B81AB3AE682E3980
    Settore fisico: 0 (Nessun elemento nocivo rilevato)
    WMI: 0 (Nessun elemento nocivo rilevato)
    (end)
    rld.zip
  12. Ok, I just created a new topic: REQUEST: add wildcards support to websites whitelist - Malwarebytes for Windows - Malwarebytes Forums
  13. Please add wildcards support (*, ?, etc...) to website whitelist to be able to exclude from wrong detection entire domains like *.abcd.com
  14. Please remove false positive hxxps://amitopia.com/
  15. But now it does work fine and won't report anything wrong for me too... Weird 😅
  16. Registry Workshop ITA http://www.torchsoft.com/en/download.html false detection, downloadable from: http://www.torchsoft.com/download/RegistryWorkshop_ita.exe
  17. This should be a fix for an old game (Dragon's Lair 3D), where the original file did not run under Windows 10. grudl3dcd.7z
  18. Moreover... this seriously requires a "Name" or "Note" field to quickly remember what the block was for, because you know that things may change on the Internet...
  19. I agree. I've been waiting for this feature for a long time... Just for example, today MWB started to block the GOG CDN, which uses different servers with the same domain base name "gogcdn.net". PLEASE UPDATE WEB EXCLUSION FEATURE allowing wildcards ASAP.
  20. Malwarebytes www.malwarebytes.com
    -Dettagli log-
    Data evento di protezione: 07/10/20
    Ora evento di protezione: 14:44
    File di log: e77abeea-089a-11eb-875a-0c9d92a56fd0.json
    -Informazioni software-
    Versione: 4.2.1.89
    Versione componenti: 1.0.1045
    Aggiorna versione pacchetto: 1.0.30922
    Licenza: Premium
    -Informazioni sistema-
    SO: Windows 10 (Build 19041.546)
    CPU: x64
    File system: NTFS
    Utente: System
    -Dettagli siti web bloccati-
    Sito web nocivo: 1
    , C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe, Bloccato, -1, -1, 0.0.0, ,
    -Dati sito web-
    Categoria: Trojan
    Dominio: cdn-edge-dynamic-12-waw-pl-ovh.gogcdn.net
    Indirizzo IP: 51.83.253.152
    Porta: 443
    Tipo: In uscita
    File: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
    (end)
  21. Yes I know, and wanted an option (or maybe a new custom schedule option?) to just update signatures on program launch. Why? 1. I don't like to wait for the (slow) update check on the first manual quick scan (it takes 12 secs on my system, and 6-8 secs are just for the signature update!) and I'd prefer to launch MWB, do something else in multitasking, and then in case start a quick scan skipping the initial update delay, since the update already took place in the background. 2. It seems logical to have an option like this and be sure the signature is up to date when you launch MWB manually.
  22. Premium + real-time active, but I launch it manually.
  23. I personally don't keep it always in background, so when I manually launch it I'd like it to automatically get updated signatures etc.