Fatdcuk

Staff
Everything posted by Fatdcuk

  1. Thanks Dave for reporting this. I will get it fixed on the next update cycle today. Locking the topic as it will be shortly resolved.
  2. Hi Dave and welcome to the Malwarebytes support forums Please can you attach a scan log showing when Malwarebytes has detected the file. Thanks in advance.
  3. Hi Pkshadow Just to confirm that dsengine.js and dsengine.cfg are not false positive detections. Because the files are overriding any changes to default search engine selection in the Firefox browser UI then they are considered as potentially unwanted. https://support.mozilla.org/en-US/questions/1194334 https://support.mozilla.org/en-US/questions/1197498 RE Lavasoft Web Companion detection by Adware Cleaner then I believe this is an intentional detection by them. However if you require further clarification then please start a new topic in the following sub forum and the guys that work on it will be able to respond. https://forums.malwarebytes.com/forum/187-malwarebytes-adwcleaner/ Since your initial report has been responded to, I am now going to lock this topic as concluded.
  4. Hi and welcome to the Malwarebytes supports forums This is not a false positive detection.
  5. Hi guys Confirmed these were f/p detection(s) and they should be fixed with the following database update. MBAM2 Version: v2017.12.07.08 MBAM3 Version: 1.0.3436
  6. Hi guys Confirmed these were f/p detection(s) and they should be fixed with the following database update. MBAM2 Version: v2017.12.07.08 MBAM3 Version: 1.0.3436
  7. Hi, it's not a bug but by design. Detection technical data removed.
  8. Hi We rolled out fixing for startup URL, newtab, homebutton and search engines with multi profile support for all fixing. In all theories we should not be targeting chrome cookie data but some of the settings do get backed up to WebData file.
  9. Hi, These are not f/p detections but we introduced new chrome fixing 2 days ago. Chrome is not distributing malware/PUPs intentionally but its Sync service when used will save many Chrome settings/extensions/search engines that can potentially include any bad ones if you may have onboard at the time of setting up the sync service or any installed along the way with sync service active. It is a great feature to be able to transfer your profile across multiple devices but it can't differentiate between good or bad stuff when syncing data. The current issues with repeat detections are being caused by Chrome sync service restoring bad data that we are attempting to remove. We are at the moment working towards a fix to the sync service issue and apologise for any alarm or inconvenience caused. As an interim workaround to stop the detection(s) then staying signed out of sync service will stop bad data being rewritten or alternatively you can temporarily set exclusions in Malwarebytes for the file(s) where the detection(s) are being made. https://support.malwarebytes.com/docs/DOC-1058 For example but your pathway for the files will be listed in a Malwarebytes scan log where the detections are made. C:\Users\%YOURUSERACCOUNT%\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences C:\Users\%YOURUSERACCOUNT%\AppData\Local\Google\Chrome\User Data\Default\Web Cache
  10. Hi alex-bukach and welcome to the Malwarebytes support forums Please can you follow the steps in this guide first. https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If detections continue afterwards please can you start a new topic to report this. Thanks in advance
  11. Hi bunniem and welcome to the Malwarebytes support forums Please can you follow the steps in this guide first. https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If detections continue afterwards please can you start a new topic to report this. Thanks in advance
  12. Hi briocosmic and welcome to the Malwarebytes support forums Please can you follow the steps in this guide first. https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If detections continue afterwards please can you start a new topic to report this. Thanks in advance
  13. Hi gima and welcome to the Malwarebytes support forums Please can you follow the steps in this guide first. https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If detections continue afterwards please can you start a new topic to report this. Thanks in advance
  14. Hi guys Please can you follow the steps in this guide first. https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If detections continue afterwards please can you start a new topic to report this. Thanks in advance
  15. Hi phoneend and welcome to the Malwarebytes support forums Please can you follow the steps in this guide first. https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ If detections continue afterwards please can you start a new topic to report this. Thanks in advance
  16. Hi and welcome to the Malwarebytes support forums. These are not false positives. The 3 softwares provided are download wrappers so are correctly flagged as PUP.Optional.BundleInstaller. https://www.virustotal.com/en/file/14bd93a7d045c2ac53d1f8d745a33d024823f4ae659ebb2f6e54538d162c44f3/analysis/
  17. Hi Clang Yes it is and it got fixed the other day. Your scan log is showing an older database => Update Package Version: 1.0.3103 If you update in the software then the detections should no longer persist.
  18. Hi lmacri Thanks for reporting this and confirmed it is a f/p. We will get this fixed on the next update cycle.
  19. Hi DroidBytes Thank you for reporting this and confirmed it is a F/p and we will get this fixed. It is safe to restore those items from the quarantine.
  20. Hi Not 100% sure what has occurred for you, possibly if you're running MBAM from a limited user account that can sometimes interfere with removals from the HKLM hive. That said we should not be removing that key (It belongs to CCleaner Cloud ops) but only removing the data stored under that key should it be MUID or TCID or NID which are the values set when the affected installer has been run. If none of those values are present then the detection of the key should not occur.
  21. Hi and sorry for the delay in replying as this thread had been overlooked. Avast had purchased Piriform but are keeping the software/company by its original names. Once we became aware of the hack (as the whole industry became aware) we created detection for the bad installer and the compromised software executable file. This would have prompted our software to detect and quarantine those affected files. The removal of ccleaner.exe (32 bit) would break the software operations on 32bit OS's and hence the need to update to the new non affected version. * the 64bit ccleaner.exe executable was not compromised but because of how CCleaner chooses to install then the affected version had both executables present (32 & 64bit). Users using CCleaner on 64 bit OS's would not be affected as it is only the 32bit executable that was compromised and the 64bit OS would not use that executable file when loading the software. We latterly added detection for a registry trace that was only present after the original compromised installer had been run. * This detection would be present on both 32 and 64 bit installs, but it is only 32 bit installs that were potentially compromised. That trace was a "marker" and not an active component part of the compromised version but we decided we would remove it nonetheless. Back to your initial question(s) then if you have removed the bad 32 executable (ccleaner.exe) then it is no longer an active risk. Were you at risk? Alas the compromised version was backdoored so every time the software was previously launched so was the backdoor code.
Had the active backdoor been exploited then we cannot tell you the answer to that but all we can advise is as with any potential security breach you change all your passwords from a secure computer. If you have used the affected computer for data sensitive activities such as online banking, online purchasing or sensitive work we would advise you contact your bank and/or work IT to advise them of your potential exposure to a data breach so the appropriate steps can be taken to protect yourself and others.
  22. You are correct and we all feel that same frustration. Alas that is the ongoing problem which is industry wide. In this instance the whole industry was caught out by this trusted chain hack. Unfortunately it is an ongoing game of cat and mouse where the bad actors always get to go first. We all can try to develop new technologies to mitigate risk against attacks but still as of yet there is no mythical silver bullet that can protect 100% on every potential attack scenario.
  23. Hi Dee0900 We created detection for the affected version of CCleaner when it came to light earlier today. https://blog.malwarebytes.com/security-world/2017/09/infected-ccleaner-downloads-from-official-servers/
  24. Yup, I just pushed out the next lot of new defs for today to the database. The faulting def was removed with the previous update cycle (#4). Again our thanks for reporting this guys and apologies for any inconvenience caused. I will close this topic off now as it is now resolved.
  25. Hi guys We are pushing an update currently to fix this f/p. Please can you update and confirm that the detection no longer occurs. Thanks in advance and our apologies for inconvenience caused.