giomach

Members
  • Posts: 24

Everything posted by giomach

  1. My user had worked around the problem by putting the program on his allow list. He has now removed it from the allow list, and reports that all is well. Many thanks for your quick response.
  2. Thank you. All clear today. I'm puzzled by your advice to turn off "Use expert system algorithms to identify malicious files". I have never turned this setting on. All four of my scan settings are/were exactly as shown in your screenshot. Many thanks again.
  3. Hello, I attach a MWB log sent to me by a user of a program developed by me, "Tobar na Gaedhilge" (the program installer can be downloaded from http://www.smo.uhi.ac.uk/~oduibhin/tobar/index.htm ). I gather the user has only recently installed MWB. I have had MWB myself for years and it has never objected to this program. Apart from two mentions in the log of "Advanced System Care", about which I have never heard, all the other items objected to are generated by running the installer for my program. The installer was created using Inno Setup. It concerns me that MWB could have concluded that my program is dangerous, at least where this user is concerned. Can you suggest how this could have happened? Thank you. 2020-08-25-14h40 Tobar v MWB.txt
  4. I've been getting the vs_installershell.exe report, described above, in my overnight scan since August 23rd. I updated malwarebytes yesterday but it's still reporting this. Log details appended. Thanks for your comments.

     -Log Details-
     Scan Date: 25/08/2020
     Scan Time: 03:40
     Log File: 45488232-e67c-11ea-99d1-9829a63e4f93.json

     -Software Information-
     Version: 4.2.0.82
     Components Version: 1.0.1025
     Update Package Version: 1.0.29007
     Licence: Premium

     -System Information-
     OS: Windows 10 (Build 18362.1016)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 392189
     Threats Detected: 1
     Threats Quarantined: 0
     Time Elapsed: 1 hr, 4 min, 49 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Malware.Heuristic.1001, C:\USERS\CIARáN Ó DUIBHíN\APPDATA\LOCAL\TEMP\EVURSN4J.XYY\VS_INSTALLERSHELL.EXE, No Action By User, 1000001, 0, 1.0.29007, 0000000000000000000003E9, dds, 00866951, 6037A74A840C5247280BAE7986E7F521, BFA81826A56FB60785C93EC83AAEE29BA427D20D1C426DF51000D58C98A4D81B
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)
  5. Thank you, that seems to have fixed it.
  6. The attached program, combine.exe, is one which I have written from scratch (for text processing) over the years and compiled on my own PCs. As of today, when I try to run it, it is automatically quarantined. Combine.zip
  7. I'm satisfied that my PC is now clean. Thank you for your help, nasdaq. I leave it to the MWB team to satisfy themselves that MWB is reporting correctly in the case of Nero-9.4.12.3_free-notoolbar.exe as downloaded from softfamous dot com (among other download sites). If it is true that this download contains bundled software (such as Seznam and/or App Explorer), and if such software is malware, then MWB is wrong in not reporting it. If either of those conditions is untrue, then MWB is behaving correctly.
  8. Thanks again, nasdaq. Fixlog.txt attached. Re Nero, I soon uninstalled Nero 9 Free, because the functionality of that free version was inadequate, and I have today deleted the empty directories left behind in Program Files. I purchased and installed Nero Burning ROM 20.0.2014, which may be the reason for Nero entries in my logs now. Fixlog.txt
  9. Thank you, nasdaq. App Explorer removed and fixlog.txt attached. Is the problem solved? I don't know. I have run a custom threat scan on the downloaded installer for Nero 9 Free, which I suspect installed Seznam (and App Explorer) when I ran it before. MWB found nothing wrong with the installer, just like before - and that was the problem. I could go on to install Nero 9 Free, and see whether Seznam and App Explorer reappear, but that is a risk I am not keen to take. Is there any reason to suppose that they might not reappear, as they did before? (It is something which could be tested on any computer, not necessarily mine!) Fixlog.txt
  10. Hi, I noticed two suspicious processes in Win 10 Task Manager today: szndesktop.exe and listicka-x64.exe. I discovered your webpage on these at https://forums.malwarebytes.com/topic/241466-removal-instructions-for-seznam/ This page says that malwarebytes will detect these, and should have prevented their installation. In fact it had not prevented their installation, and a custom scan of szndesktop.exe did not report any problems with it. I removed them (and other stuff) by uninstalling Seznam Software from the Win 10 Programs and Features control panel. I am fairly sure they were installed earlier in the day when I downloaded and installed Nero 9 Free from https://softfamous.com/nero-free/ I would attach the downloaded installer, but it is just too large (64MB). A similar (possibly identical) installer is available from other websites. I should add that, a little later, I downloaded ImgBurn 2.5.8.0 from the official ImgBurn website, from ImgBurn's own server, and malwarebytes quarantined it. I then downloaded it from the alternative Digital Digest server, and installed it; no problem was reported by malwarebytes this time. I think this is unconnected to the Seznam problem. I attach the Farbar reports as requested, but, as stated above, I had already uninstalled Seznam, and I hope this is sufficient to eliminate any danger. Thank you. FRST.txt Addition.txt
  11. Hi, I noticed two suspicious processes in Task Manager today: szndesktop.exe and listicka-x64.exe. I discovered your webpage on these at https://forums.malwarebytes.com/topic/241466-removal-instructions-for-seznam/ This page says that malwarebytes will detect these, and should have prevented their installation. In fact it had not prevented their installation, and a specific scan of szndesktop.exe did not report any problems with it. I removed them (and other stuff) by uninstalling Seznam Software from the Win 10 Programs and Features control panel. I am fairly sure they were installed earlier in the day when I downloaded and installed Nero 9 Free from https://softfamous.com/nero-free/ I would attach the downloaded installer, but it is just too large (64MB). A similar (possibly identical) installer is available from other websites. Should I be surprised that malwarebytes did not react to these files?
  12. Thanks again. My intermittent problem with getting stuck on updates is not happening at present. But it looks as if my hard disk is OK. WinDFT couldn't see my disk, and WD support advised using DLGDIAG instead ( https://support.wdc.com/knowledgebase/answer.aspx?ID=940 ). This scanned my disk and gave it a clean bill of health. (Just for general info, to minimize the risk of interfering with my internal drive, I cloned it to an external drive, and booted from that for the purposes of testing the internal one.) The problem could have something to do with my internet connection, as I have had occasional delays on other such operations, which however generally work when retried.
  13. Thank you. I did "chkdsk c:" which reported no problem. Then I did "chkdsk c: /r" on restarting Windows, it took 4–5 hours, and the results disappeared off-screen before I could read them, so I don't know what it fixed, if anything. Was this what you had in mind by "hard disk diagnostic", or is there a better one? After that, a new scan still got stuck on checking for updates, until I closed mbam.exe and reloaded it. Then a new scan succeeded in getting the updates. We'll see if the problem recurs. (While it wouldn't solve any problems, I think it would be good if MWB would do something when it becomes obvious that the updates are not going to be found, like telling the user and giving a menu of feasible actions.) Thanks again for your help.
  14. Hi, my problem with scan getting stuck on "checking for updates" is back. A scan is scheduled to run every 24 hours. The two attached screen shots, made at the same time, show that a scan has now been running for 43 hours, and has not got past "checking for updates". (BTW, to say "Last scan: 1 day ago" implies to me that the scan completed, whereas it seems to be really referring to the scan which is stuck. It would be more useful to know when the last completed scan was made.) Zipped logs attached. Thanks for your attention. mbst-grab-results.zip
  15. Thanks dcollins. Things are working again today — this problem of sticking on checking for updates comes and goes. When it recurs, I'll apply your suggestions.
  16. In the thread https://forums.malwarebytes.com/topic/189065-malwarebytes-anti-malware-stuck-on-checking-for-updates/#comment-1065431 this advice was given: "The logs indicate that someone has installed changes to the host file designed to pirate or steal our software. Please remove the settings from the hosts file and the updates should work again." As I'm having the same problem, can you tell me where to find the hosts file, and what it should contain? Thanks.
  17. Malwarebytes Premium is reporting a number of websites belonging to the University of Lisbon being "blocked due to malware". I get these messages, for example, when I visit http://www.teitok.org/ or http://www.teitok.org/index.php?action=projects The sites reported, not always consistently, include www.clul.ul.pt, ps.clul.ul.pt, alfclul.clul.ul.pt, cards-fly.clul.ul.pt. These addresses belong to a reputable university, and I would like to visit them. I know I can unblock them, but I would like more information about why they are being suspected. Thank you.
  18. Does that mean I can't run any version of Malwarebytes on this machine?
  19. Thanks Alex. It looks like I have "1 license per PC". So I need to upgrade the license. But if I click "Manage My Subscription" and sign in, it says I have no subscriptions. That is not correct. My system control panel says: AMD Athlon (tm) XP 2600+ 2.08 GHz, 240 MB of RAM
  20. This is hardly a forum-type question, but I can't see any other support place to ask it. I have a home subscription to Malwarebytes Premium. I would like to install it on a second (older) machine. First question: does my subscription allow this? Second question: The second machine runs XP SP3. If I just download mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3707.exe and run it, it asks me to select setup language, and then gives "Runtime Error (at 350:120) Invalid floating point operation." Thank you.
  21. Thank you both for replying to my query. This is going to sound strange... My computer had been turned off for 3 weeks. When I restarted it, on May 11th, it behaved oddly, e.g. took a long time to boot up; my USB 3.0 card was dead, etc. Everything else worked normally. Malwarebytes continued to do daily scheduled scans (with database update) until May 20th, so I didn't connect its subsequent problems with my computer's holiday. Yesterday I decided to open the case, re-seat a few cards, and blow away all the dust. Now it boots normally and the USB card is working again. And, unexpectedly, Malwarebytes is working correctly again. So I'll stay with version 2 now until my turn for version 3 arrives. I wonder how you're going to incorporate this experience into your procedures for problem diagnosis :-)
  22. Multiple problems running Malwarebytes 2.2.1.1043 under Vista SP2.
      1. Why has the program not updated itself to version 3? I'm not sure I want this, though, given the problems I have seen reported with version 3. But I'd like to know why the updating has not happened.
      2. Since 20 May 2017:
         a. scanning was stuck on the updating stage. I got around this by closing the program down and re-loading it (once). Database is now 2017.5.27.2.
         b. after fixing (a), manual scan (with database update) was OK, but scheduled scans are not happening.
         c. realtime protection is reported "no protection" on dashboard.
      Various logs attached. Thank you. mwblogs.zip FRST.txt Addition.txt CheckResults.txt
  23. Since yesterday, one of my files is reported as having Trojan.carberp.EN. The file is Program Files\ABBYY FineReader 5.0 Pro\ExtDictSaver.exe This file has been on my computer for a long time, without virus reports. I do not even use it any more. I have quarantined the file. What is the likely explanation? Is it a false positive? Thank you.