Fatdcuk

Staff
  • Content count

    20,636

About Fatdcuk

  • Rank
    P.U.P BBQ'er

Contact Methods

  • Website URL
    http://www.malwarebytes.org

Profile Information

  • Location
    United Kingdom

  1. Potential False Positive

    Hi DroidBytes, thank you for reporting this. Confirmed it is a F/P and we will get this fixed. It is safe to restore those items from the quarantine.
  2. CCleaner hack

    Hi, not 100% sure what has occurred for you; possibly, if you're running MBAM from a limited user account, that can sometimes interfere with removals from the HKLM hive. That said, we should not be removing that key (it belongs to CCleaner Cloud ops) but only removing the data stored under that key, should it be MUID or TCID or NID, which are the values set when the affected installer has been run. If none of those values are present then the detection of the key should not occur.
  3. CCleaner hack

    Hi, and sorry for the delay in replying as this thread had been overlooked. Avast had purchased Piriform but are keeping the software/company by its original names. Once we became aware of the hack (as the whole industry became aware) we created detection for the bad installer and the compromised software executable file. This would have prompted our software to detect and quarantine those affected files. The removal of ccleaner.exe (32-bit) would break the software operations on 32-bit OSs and hence the need to update to the new non-affected version. * The 64-bit ccleaner.exe executable was not compromised, but because of how CCleaner chooses to install, the affected version had both executables present (32 & 64-bit). Users using CCleaner on 64-bit OSs would not be affected as it is only the 32-bit executable that was compromised and the 64-bit OS would not use that executable file when loading the software.

    We later added detection for a registry trace that was only present after the original compromised installer had been run. * This detection would be present on both 32- and 64-bit installs, but it is only 32-bit installs that were potentially compromised. That trace was a "marker" and not an active component part of the compromised version, but we decided we would remove it nonetheless.

    Back to your initial question(s) then: if you have removed the bad 32-bit executable (ccleaner.exe) then it is no longer an active risk. Were you at risk? Alas, the compromised version was backdoored, so every time the software was previously launched so was the backdoor code.

    Had the active backdoor been exploited then we cannot tell you the answer to that, but all we can advise is, as with any potential security breach, you change all your passwords from a secure computer. If you have used the affected computer for data-sensitive activities such as online banking, online purchasing or sensitive work, we would advise you contact your bank and/or work IT to advise them of your potential exposure to a data breach so the appropriate steps can be taken to protect yourself and others.
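The value-level logic described in posts 2 and 3 above (flag the CCleaner Cloud key only when one of the MUID, TCID or NID marker values is present, and remove those values rather than the whole key), as an added PowerShell example that is not Malwarebytes code or from the original posts. The key path is a placeholder, since the post does not name it; the `Get-`/`Remove-CCleanerMarkerValues` functions are hypothetical names.

```powershell
# Added example, not Malwarebytes code. PLACEHOLDER path: substitute the real
# CCleaner Cloud key named in the post before use. Needs an elevated session,
# since the post notes that limited accounts can't remove from the HKLM hive.
$KeyPath      = 'HKLM:\SOFTWARE\PLACEHOLDER_CCLEANER_CLOUD_KEY'
$MarkerValues = @('MUID', 'TCID', 'NID')   # values the affected installer sets

function Get-CCleanerMarkerValues {
    param([string]$Path = $KeyPath)
    # No key at all means nothing to report.
    if (-not (Test-Path -Path $Path)) { return @() }
    $item = Get-Item -Path $Path
    # Report only the marker values that actually exist; the key itself is
    # legitimate (CCleaner Cloud) and must not trigger a detection on its own.
    return @($MarkerValues | Where-Object { $item.GetValueNames() -contains $_ })
}

function Remove-CCleanerMarkerValues {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $KeyPath)
    $found = Get-CCleanerMarkerValues -Path $Path
    if ($found.Count -eq 0) {
        Write-Output "No marker values under $Path; key left untouched (no detection)."
        return
    }
    foreach ($name in $found) {
        # Remove-ItemProperty deletes one value. Remove-Item would delete the
        # whole key, which is the over-removal the post says should not happen.
        if ($PSCmdlet.ShouldProcess("$Path\$name", 'Remove marker value')) {
            Remove-ItemProperty -Path $Path -Name $name -ErrorAction Stop
        }
    }
    Write-Output ("Removed marker value(s): {0}" -f ($found -join ', '))
}

# Dry run first: -WhatIf lists what would be removed without touching the hive.
Get-CCleanerMarkerValues
Remove-CCleanerMarkerValues -WhatIf
```

Drop `-WhatIf` to perform the removal; the marker is a trace, not an active component, so this is cleanup rather than containment, and the replaced 32-bit ccleaner.exe is the item that actually matters.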
  4. You are correct and we all feel that same frustration. Alas, that is the ongoing problem which is industry-wide. In this instance the whole industry was caught out by this trusted-chain hack. Unfortunately it is an ongoing game of cat and mouse where the bad actors always get to go first. We all can try to develop new technologies to mitigate risk against attacks, but still as of yet there is no mythical silver bullet that can protect 100% in every potential attack scenario.
  5. Hi Dee0900, we created detection for the affected version of CCleaner when it came to light earlier today. https://blog.malwarebytes.com/security-world/2017/09/infected-ccleaner-downloads-from-official-servers/
  6. Yup, I just pushed out the next lot of new defs for today to the database. The faulting def was removed with the previous update cycle (#4). Again, our thanks for reporting this, guys, and apologies for any inconvenience caused. I will close this topic off now as it is now resolved.
  7. Hi guys, we are currently pushing an update to fix this F/P. Please can you update and confirm that the detection no longer occurs. Thanks in advance and our apologies for inconvenience caused.
  8. Hi and welcome to the Malwarebytes support forums. You will need to restart your computer in order for Malwarebytes to remove items that are locked up in the quarantine.
  9. Quarantine won't restore

    Hi Dave, thanks for the update. If Malwarebytes experiences the "failed to restore from quarantine" issue then the computer will need to be restarted first, and then the error will no longer occur when attempting to unquarantine items. Additionally, an alternative way to configure Malwarebytes to ignore detections is to run a scan (to generate those detections). At the removal screen, make sure all required lines are unchecked and ask us to remove items. A secondary window will then be created where we offer the option to ignore once or ignore always. Selecting "Ignore always" will automatically add items to the ignore list in the software.
  10. False Positive for PUP.Optional.Spigot

    Many thanks Kigen for reporting this. Confirmed this is a false positive and it will get fixed on our next database update today.
  11. sync-eu.exe.bid

    Hi and welcome to the Malwarebytes support forums. There are instructions in the following post on how "sync-eu.exe.bid" can be added to the ignore list if required, with a brief explanation of why we alert to it.
  12. Auslogics Removed by MBAM Scan

    Hi Wittmann, we currently are detecting certain Auslogics software as PUP (PUP stands for Potentially Unwanted Program). In your case it is wanted. Please can you update MBAM to the current database and run a new threat scan. This time, at the end of the scan make sure all boxes are unchecked (i.e. empty) and then ask MBAM to remove the items found. This will generate a pop-up window asking if you would like to add those detections to the ignore list. Please select "Ignore always" for all detections and then rescan to confirm the items are no longer detected. Thanks in advance.
  13. Hi DeanSF and welcome to the Malwarebytes support forums. It seems that the client application is sharing some data with the Mail.ru PUP software (PUP stands for Potentially Unwanted Program). Please can you update MBAM to the current database and run a new threat scan. This time, at the end of the scan make sure all boxes are unchecked (i.e. empty) and then ask MBAM to remove the items found. This will generate a pop-up window asking if you would like to add those detections to the ignore list. Please select "Ignore always" for all detections and then rescan to confirm the items are no longer detected. Thanks in advance.
  14. Hi AyeAyeCaptain, it had been listed because there was a version being pushed on download wrappers back ~6 months ago which contained a backdoored driver component. We listed it as potentially unwanted at the time because of this and the fact the distributing wrapper was force-installing it. However, on current review we are no longer seeing the bad version being pushed recently, so we will delist the detection of the software on the next update cycle today. Thanks for reporting this.
  15. GeekBuddy - Comodo RMM

    Hi JunkTony and welcome to the Malwarebytes support forums. GeekBuddy is software also distributed by Comodo; however, your detections are confirmed false positives and will get fixed on the next update cycle today. Thank you for taking the time to report this.