
Fatdcuk

Staff

Content Count: 20,723
Posts posted by Fatdcuk


  1. Hi,

     

    Yes, some malware has been seen to set itself either as IFEO (Image File Execution Object) or set itself as a debugger so it is called when the parent file is executed.

     

    The ignore detection would ignore the whole registry key where the hijack is being detected, so it would be unable to monitor for future changes should they occur.

     

    Looking into this deeper currently for a possible solution.

     

    Will PM you back if we can get a fix available.


  2. Hi MCFatTongue and welcome to the Malwarebytes support forums.

     

    In your particular instance this is a false positive detection, as it's a legitimate program setting itself as the default debugger for Firefox.

    However, this is a trick commonly used by malware, so we will not be removing the hijack detection.

     

    You can safely add this detection to the ignore list in order not to see this again when you scan.
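As an added example (not code from this thread or from Malwarebytes), here is a read-only PowerShell audit of the IFEO "Debugger" values the posts above describe; the registry paths and the Debugger value name are real, while the allow-list contents are constructed and must be replaced with entries you have verified yourself.

```powershell
# Added example: list every IFEO subkey that carries a "Debugger" value and
# classify it, so a legitimate entry (like the Firefox case above) can be
# told apart from one that needs a closer look. Nothing is modified.
# Assumptions: run in an elevated PowerShell session on Windows.

$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Constructed allow-list: image name -> debugger path you have already verified.
$knownGood = @{
    'firefox.exe' = 'C:\Program Files\Example\ExampleDebugger.exe'   # placeholder
}

function Get-IfeoDebugger {
    foreach ($root in $ifeoPaths) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $debugger = (Get-ItemProperty -Path $key.PSPath -Name Debugger `
                            -ErrorAction SilentlyContinue).Debugger
            if (-not $debugger) { continue }

            $image = $key.PSChildName
            # Take the executable part of the value: quoted path, else first token.
            # (An unquoted path containing spaces will be truncated and show as
            # 'debugger-missing'; inspect the raw Debugger column in that case.)
            $exe = if ($debugger -match '^"([^"]+)"') { $Matches[1] }
                   else { ($debugger -split '\s+')[0] }

            $status = if ($knownGood[$image] -and ($knownGood[$image] -ieq $exe)) { 'known-good' }
                      elseif (-not (Test-Path $exe)) { 'debugger-missing' }   # dangling entry: image cannot start
                      else { 'review' }                                       # present but not on the allow-list

            [pscustomobject]@{
                Image    = $image
                Debugger = $debugger
                Key      = $key.Name
                Status   = $status
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Status, Image | Format-Table -AutoSize
```

Entries marked 'review' are not necessarily malicious; compare the debugger path against the software you actually installed before deciding whether to ignore or remove the detection.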


  3. OK, can now see what is occurring, and thanks for providing the log.

    https://www.google.co.uk/search?site=&source=hp&q={BDB69379-802F-4eaf-B541-F8DE92DD98DB}&oq={BDB69379-802F-4eaf-B541-F8DE92DD98DB}&gs_l=hp.12...1965.1965.0.3040.1.1.0.0.0.0.65.65.1.1.0....0...1c.2.30.hp..1.0.0._XO7-2YE7YY

    The GUID is associated with Babylon Toolbar but looks to be cross-platform with other Conduit toolbars.

     

    Will fix this on the next update cycle.

     

    Thanks for bringing this to our attention Jerry :)


  4. Hi Sassi,

    They are currently using the FreeNew downloader to install the target application.

     

    The FreeNew downloader bundles multiple additional applications. (Some are opt-in, and in the case of the following screenshot there is no option but to install a secondary application.)

     

    Since some people would only want the original application and not the additional applications, the behaviour might be considered Potentially Unwanted by some users.

     

    [attached screenshot]

     

    It is the end user's choice whether they wish to accept the extra applications, but our detection is alerting to the presence of the download wrapper and not on the target application.

     

     


  5. Hi Fred2Stoke,

     

    I really am bamboozled by what you are reporting.

     

    Without having the file from the log I can't with 100% certainty troubleshoot whether it's a bad def or whether it's something peculiar to your setup(s), but if we were affecting the Windows updating process I would expect to have seen a flood of reports from end users with similar issues.

     

    That said, could you verify whether the behaviour is repeated by trying to install the failed update one more time?


  6. Hi Fred2Stroke.

     

    Please can you zip and attach an MBAM log for the detection and also, if possible, a file that MBAM is detecting.

     

    *You might have to turn off our realtime protection module in order to restore from quarantine. Then re-enable the protection module once you have a zipped copy of the file.

     

    Thanks in advance.


  7. Hello and welcome to the Malwarebytes support forums :)

     

    We are not detecting your software as a virus or as malicious but as a "PUP.Optional",

     

    e.g. Potentially Unwanted Program.

     

    Please reference this article for our reason for adopting a new, more aggressive stance on PUP detections.

    http://blog.malwarebytes.org/news/2013/07/malwarebytes-adopts-aggressive-pup-policy/

     

    Please also read here for details if you wish to dispute the classification.

    https://forums.malwarebytes.org/index.php?showtopic=130207


  8. Hello,

     

    I have downloaded an update for the tool "Garmin Express", which is used to install new maps for the Garmin car navigation sets. A scan prior to the download resulted in 0 infected items. After the download, Malwarebytes noted 21 PUP.Optional items of various kinds. Maybe these "PUPs" are essential for installing the maps correctly, hence should not be removed.

    What do you say?

     

    Best regards!

    Peter :(

     

     

    Greetings Peter.

     

    Did you download the update from the author's website (http://software.garmin.com/en-US/express.html) or from a 3rd party hosting site?

     

    The reason why I ask is that I cannot replicate your detections from software hosted at the author's site, but when you search "Garmin express" download there are 3rd party sites offering free downloads, some of which utilize download wrappers. This is where they add their own choice of additional software. Often this is on a pay-per-install basis, so they get paid for installing additional software on an end user's computer.

     

    In the case of download wrappers the additional software is not mission critical for the original target software but is there to make money for the download hosting site.
