gmariani405
Everything posted by gmariani405
-
Emperor : Battle for Dune launcher possibly false positive
gmariani405 replied to gmariani405's topic in File Detections
No, thank you for investigating!
-
Received what I HOPE is a false positive but wanted to see if you guys could verify. I received this message from Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/17/2024
Scan Time: 2:51 AM
Log File: 31e3bb72-5c65-11ef-837e-18c04d8ede59.json

-Software Information-
Version: 5.1.9.124
Components Version: 1.0.5009
Update Package Version: 1.0.87966
License: Premium

-System Information-
OS: Windows 11 (Build 22631.4037)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 431600
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 2 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
File system: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.4250058270, C:\USERS\GMARI\DOWNLOADS\EMPEROR - BATTLE FOR DUNE\EMPERORLAUNCHER.EXE, No Action By User, 1000000, -44909026, 1.0.87966, B9DFE1D10F81E073FD52BE1E, dds, 02959324, 6E46EC39AB2A53F0911E8BC77EA4C259, 038421636DF34FBFC25CDB92ACD0815A749BCC2185DFAFD5C861EB3679E7666F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

The file in question comes from a user mod to modify the old Emperor - Battle for Dune game to work on modern computers: https://github.com/wheybags/EmperorLauncher/releases/tag/v1.0

Can you confirm if it is indeed malicious or just getting flagged because of how it modifies the game?
-
maverickbankcard.pcicompliance.ws Marked as Riskware
gmariani405 replied to gmariani405's topic in Website Blocking
I wanted to thank you for the extra information. I spoke with the vendor (encytro.com), who is apparently using software built by SAINT to work with clients with dynamic IPs when doing PCI scans. They are currently working to get an updated version of the software that is not flagged as a virus. Hopefully that coincides with what you see on Malwarebytes' side, but it seemed plausible. Since that doesn't apply to my situation, we don't need to install the software.
-
I'm not 100% sure if this (maverickbankcard.pcicompliance.ws) is a false positive but this is the site our payment gateway sent us for PCI compliance. It's marked as riskware, does that mean it's still safe to visit just be wary of any software they use? Or does that mean it's unsafe to visit at all and I need to inform them of the issues? I really wish Malwarebytes' messages would explain why it was blocked, like a specific vulnerability or something. If you can give some guidance or details I'd appreciate it

----------

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/5/2024
Protection Event Time: 12:00 PM
Log File: cbf7db9c-5343-11ef-9744-84ba59358846.json

-Software Information-
Version: 5.1.7.121
Components Version: 1.0.1293
Update Package Version: 1.0.87518
License: Premium

-System Information-
OS: Windows 11 (Build 22631.3880)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, 2126C7C7750B19301AB9CF5B83163629, 39C6FDA982646F8595D2DE92FD6A4A47CA6D494C74E10ACFD5A539636FE0B500

-Website Data-
Category: RiskWare
Domain: maverickbankcard.pcicompliance.ws
IP Address: 23.99.196.180
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe

(end)
-
My Account Feedback and issues
gmariani405 replied to gmariani405's topic in Malwarebytes for Windows Support Forum
@jtodd234 Excellent, thank you! Appreciate you looking into this.
-
My Account Feedback and issues
gmariani405 replied to gmariani405's topic in Malwarebytes for Windows Support Forum
@jtodd234 I updated the ticket Friday with some details on the assumption you would have a moment to review it. But I only got an automated reply from you asking if everything was taken care of. Did you get a chance to review what I sent?
-
My Account Feedback and issues
gmariani405 replied to gmariani405's topic in Malwarebytes for Windows Support Forum
@jtodd234 The first ticket is #4632179, and second ticket is #4646852. I'll follow up in #4646852 with more details assuming you'll be able to see them there.
-
My Account Feedback and issues
gmariani405 replied to gmariani405's topic in Malwarebytes for Windows Support Forum
We manage IT for a single office and our own company. So not a wide variety of clients, so there are only two accounts. Many of these licenses were purchased before I worked here ~10 years ago. But the client we have, has about 25~ licenses. Our company has about 10~. Certainly not as many as @porthos by a long shot, but still certainly confusing to navigate more than 2-3 licenses as they all start to look the same as you're scrolling and have no idea where you are in the list.

We don't really plan to be buying any more licenses unless something new pops up, but we recently replaced many of the computers in the office and with the upgrade to v5 we now have to connect them to the accounts where we previously just entered licenses. And in an effort to keep the client licenses in their possession I've been trying to add them to their account but it's a bit of a mess on my.malwarebytes.com.
-
My Account Feedback and issues
gmariani405 replied to gmariani405's topic in Malwarebytes for Windows Support Forum
@Porthos The first screenshot was on my work computer, I'm remote today but I took a screenshot again from my home office computer and it's pretty close. My monitor is 3440x1440 and I can still only see 2-2.5 licenses at a time. Please see attached.
-
My Account Feedback and issues
gmariani405 replied to gmariani405's topic in Malwarebytes for Windows Support Forum
@Porthos That screenshot I posted was the full height of my monitor. So I literally can only see two at a time, I have no earthly idea how you manage 540. That is truly a feat.

@SPDIF What do you search on? In the screenshot the licenses are identical, so there is nothing to key on. Or am I missing something?
-
As with other folks that have been using Malwarebytes for years, I have many lifetime licenses I purchased over the years legitimately. With the push to v5, I noticed we now need to log in using our Malwarebytes Account. That's fine, I'm not one to fight change, it needs to happen eventually so I create accounts only to find some licenses already in there. I'd say half the licenses I manage belong to Business A and the rest to Business B, so I have two Malwarebytes Accounts. Except that Malwarebytes took it upon itself to assign licenses willy-nilly.

1. Ok, so I'll just move a license from one account to another... I can't remove a license from an account.
2. I open a support ticket to have them remove the license: "Unfortunately, there is no option on your end to remove the subscription from the account, I can try to have our back-end team remove the subscription from your account." - 5/8/2024 I dropped it at this point as I got busy.
3. Let me try to add some of my licenses to said Business B account.... there is no option to add an existing license. After 1.5hrs with support, they have me switch to the Business license portion of the account and there I can add my license so I do so as a test. They open a ticket to fix the portal and to their credit, in the next day or so it's fixed and I can now add an existing license to the Consumer license portion of my account.
4. I ask support to move the license from the Business side to the Consumer side: "Once the licensed key is added we can no longer make any changes to it. I apologize. I already confirm this with our back end." - Malwarebytes Support 6/5/2024
5. I start adding licenses to Business B's account and every license looks the same (see attached), and they are shuffled each time the page is reloaded. So the only way to tell which license is which, and which device it's added to is to click on each one individually (which changes pages). So if you click one, and go back, hope the scrollbar remembers where it was because you can only see two licenses at a time and they all look the same. This UI is terrible.
6. On top of this, I went to try to match up which license is being used on which computer. But with the upgrade to v5, it no longer displays the actual license used in the About info like it did in v4. So I ended up having to guess and hope my old documentation is still correct.

My wishlist is this:

1. Be able to move licenses from one account to another, even if it requires a support ticket to do so.
2. Be able to see more than two licenses on a full screen at a time.
3. Be able to see a license number or device name or SOMETHING to tell the licenses apart. Or maybe even name them. At one point I was able to add a tag to licenses but that feature seems to have disappeared. But even then, I was only able to add ONE tag (which kinda defeats the purpose of a tag), and was limited to like 12 characters.
4. Be able to move licenses from Business to Consumer and vice-versa (even if it requires a support ticket to do so).
5. Re-add the full license that is activated on the computer in the Malwarebytes application About info. It's a PITA to try to track down who is using what license if you hide it.

This license portal/change really feels half-baked and still beta. Hopefully you guys can update it to make it usable for folks with more than one subscription/license as right now it doesn't seem like it was built for the people that will actually use it.
-
A client site of ours is marked as trojan/malicious. I took a look around and scanned it with WordFence (it's a WordPress site) and nothing looks amiss. Checked VirusTotal and it came back totally clean too. Can you please double check that this truly is bad, if not please remove it from the blocklist. Thanks!
-
@Benno1024 I took a look, nothing Malwarebytes related in there. The last one in there is from 4/18/2024 12:00am "AsusSystemAnalysis.exe.10684.dmp" (almost all are from Asus) Looking in the C:\Windows\System32\config\systemprofile\AppData\Local\Malwarebytes\Logs folder the last one is from 3/12/2024 9:46 am, which was well before switching to v5. Let me know if you need me to look for anything else.
-
Just wanted to give an update. I checked with the user and they have had no issues since. I checked the Event Viewer just to be sure there wasn't anything they might have missed. I didn't see any other issues with Outlook, but did see this and figured it might be helpful to you guys since v5 is so new. Besides that, I'd say that fixed the issue for them, thank you!

Log Name: Application
Source: Application Error
Date: 4/19/2024 5:35:26 PM
Event ID: 1000
Task Category: Application Crashing Events
Level: Error
Keywords:
User: SYSTEM
Computer: USERNAME-PC
Description:
Faulting application name: MBAMService.exe, version: 3.2.0.1284, time stamp: 0x65fad24f
Faulting module name: mbae-api-na.dll_unloaded, version: 1.13.4.585, time stamp: 0x65a15425
Exception code: 0xc0000005
Fault offset: 0x0000000000038d72
Faulting process id: 0x0x2AAC
Faulting application start time: 0x0x1DA90F7DB79952E
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Faulting module path: mbae-api-na.dll
Report Id: 5a7a8475-7224-40da-8c77-6f57fa688819
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" />
    <EventID>1000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>100</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-04-19T21:35:26.4932948Z" />
    <EventRecordID>130470</EventRecordID>
    <Correlation />
    <Execution ProcessID="10632" ThreadID="24640" />
    <Channel>Application</Channel>
    <Computer>USERNAME-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AppName">MBAMService.exe</Data>
    <Data Name="AppVersion">3.2.0.1284</Data>
    <Data Name="AppTimeStamp">65fad24f</Data>
    <Data Name="ModuleName">mbae-api-na.dll_unloaded</Data>
    <Data Name="ModuleVersion">1.13.4.585</Data>
    <Data Name="ModuleTimeStamp">65a15425</Data>
    <Data Name="ExceptionCode">c0000005</Data>
    <Data Name="FaultingOffset">0000000000038d72</Data>
    <Data Name="ProcessId">0x2aac</Data>
    <Data Name="ProcessCreationTime">0x1da90f7db79952e</Data>
    <Data Name="AppPath">C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe</Data>
    <Data Name="ModulePath">mbae-api-na.dll</Data>
    <Data Name="IntegratorReportId">5a7a8475-7224-40da-8c77-6f57fa688819</Data>
    <Data Name="PackageFullName"> </Data>
    <Data Name="PackageRelativeAppId"> </Data>
  </EventData>
</Event>
-
Ok I have it installed, I'll keep you posted if the user runs into it again. It had crashed again at 4/18/2024 @ 6:45am, but that was before I did this. So I'll track this for the next week or so and let you know if it happens again.

Log Name: Application
Source: Application Error
Date: 4/18/2024 6:45:46 AM
Event ID: 1000
Task Category: Application Crashing Events
Level: Error
Keywords:
User: USERNAME-PC\username
Computer: USERNAME-PC
Description:
Faulting application name: OUTLOOK.EXE, version: 16.0.17425.20176, time stamp: 0x6610b31c
Faulting module name: mbae64.dll, version: 1.13.4.585, time stamp: 0x65a15430
Exception code: 0xc0000005
Fault offset: 0x000000000002329c
Faulting process id: 0x0x3E54
Faulting application start time: 0x0x1DA917D8278103D
Faulting application path: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll
Report Id: b1dcb0aa-4288-43fe-ae0b-3066788ff7e2
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" />
    <EventID>1000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>100</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-04-18T10:45:46.2864047Z" />
    <EventRecordID>130016</EventRecordID>
    <Correlation />
    <Execution ProcessID="17544" ThreadID="2544" />
    <Channel>Application</Channel>
    <Computer>USERNAME-PC</Computer>
    <Security UserID="S-1-5-21-...-1001" />
  </System>
  <EventData>
    <Data Name="AppName">OUTLOOK.EXE</Data>
    <Data Name="AppVersion">16.0.17425.20176</Data>
    <Data Name="AppTimeStamp">6610b31c</Data>
    <Data Name="ModuleName">mbae64.dll</Data>
    <Data Name="ModuleVersion">1.13.4.585</Data>
    <Data Name="ModuleTimeStamp">65a15430</Data>
    <Data Name="ExceptionCode">c0000005</Data>
    <Data Name="FaultingOffset">000000000002329c</Data>
    <Data Name="ProcessId">0x3e54</Data>
    <Data Name="ProcessCreationTime">0x1da917d8278103d</Data>
    <Data Name="AppPath">C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE</Data>
    <Data Name="ModulePath">C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll</Data>
    <Data Name="IntegratorReportId">b1dcb0aa-4288-43fe-ae0b-3066788ff7e2</Data>
    <Data Name="PackageFullName"> </Data>
    <Data Name="PackageRelativeAppId"> </Data>
  </EventData>
</Event>
-
@Porthos I reviewed the settings and this is what I found:

1. We are using Vipre AV, and I had these already in the exclusion list:
C:\ProgramData\Malwarebytes\
C:\Program Files\Malwarebytes\
But I went ahead and added these domains and files to the exclusion list:
https://support.malwarebytes.com/hc/en-us/articles/360038516734-Firewall-Rules-for-Desktop-Security-on-Windows-devices
https://support.malwarebytes.com/hc/en-us/articles/360038522974-Add-Malwarebytes-to-the-allow-list-on-other-apps
https://support.malwarebytes.com/hc/en-us/articles/360063191033-System-requirements-for-Toolset
2. I reviewed the settings and "Block penetration testing attacks" was already disabled. I took some screenshots of the settings there in case there is anything else in there of use.
-
I have a user running Microsoft 365 and Outlook (v2403 b17425.20176) and it has been crashing due to mbae64.dll lately. I tried updating Malwarebytes from 4.6.11 to 4.6.12 on 4/08/2024 to see if that would help, no dice....

Malwarebytes Info:
Version: 4.6.12.323
Update package version: 1.0.83483
Component package version: 1.0.2309

Crash History (times are EDT):
4/15/2024 02:43 PM
4/08/2024 03:49 PM
4/02/2024 03:12 PM
4/02/2024 11:11 AM
3/28/2024 12:41 PM
2/21/2024 01:09 PM
2/21/2024 01:06 PM
2/16/2024 02:33 PM

Here is a sample event log from Event Viewer:

Log Name: Application
Source: Application Error
Date: 4/15/2024 2:43:54 PM
Event ID: 1000
Task Category: Application Crashing Events
Level: Error
Keywords:
User: USERNAME-PC\username
Computer: USERNAME-PC
Description:
Faulting application name: OUTLOOK.EXE, version: 16.0.17425.20176, time stamp: 0x6610b31c
Faulting module name: mbae64.dll, version: 1.13.4.585, time stamp: 0x65a15430
Exception code: 0xc0000005
Fault offset: 0x000000000002329c
Faulting process id: 0x0x47DC
Faulting application start time: 0x0x1DA8F21B0CAA02B
Faulting application path: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll
Report Id: 8a88e551-2fdc-4dfd-b7f9-d7fc64c796ae
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" Guid="{a0e9b465-b939-57d7-b27d-95d8e925ff57}" />
    <EventID>1000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>100</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-04-15T18:43:54.8888789Z" />
    <EventRecordID>129358</EventRecordID>
    <Correlation />
    <Execution ProcessID="20064" ThreadID="19804" />
    <Channel>Application</Channel>
    <Computer>USERNAME-PC</Computer>
    <Security UserID="S-1-5-21-...-1001" />
  </System>
  <EventData>
    <Data Name="AppName">OUTLOOK.EXE</Data>
    <Data Name="AppVersion">16.0.17425.20176</Data>
    <Data Name="AppTimeStamp">6610b31c</Data>
    <Data Name="ModuleName">mbae64.dll</Data>
    <Data Name="ModuleVersion">1.13.4.585</Data>
    <Data Name="ModuleTimeStamp">65a15430</Data>
    <Data Name="ExceptionCode">c0000005</Data>
    <Data Name="FaultingOffset">000000000002329c</Data>
    <Data Name="ProcessId">0x47dc</Data>
    <Data Name="ProcessCreationTime">0x1da8f21b0caa02b</Data>
    <Data Name="AppPath">C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE</Data>
    <Data Name="ModulePath">C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll</Data>
    <Data Name="IntegratorReportId">8a88e551-2fdc-4dfd-b7f9-d7fc64c796ae</Data>
    <Data Name="PackageFullName"> </Data>
    <Data Name="PackageRelativeAppId"> </Data>
  </EventData>
</Event>

Attached support files as well to try and help things move along.
mbst-grab-results.zip
-
After enabling beta updates, it took a good few minutes before I was able to update to the beta version. I had to have it check for updates a couple of times before it switched. Maybe just give it a minute.
-
JUST ran into this. This happened back on 8/28 and I had to reinstall node. Very annoying.
-
hxxps://west-state.net/

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/29/22
Protection Event Time: 9:55 AM
Log File: 356f958a-27a2-11ed-a756-08626682a4b1.json

-Software Information-
Version: 4.5.12.204
Components Version: 1.0.1725
Update Package Version: 1.0.59357
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1889)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain: west-state.net
IP Address: 209.87.149.245
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

(end)
-
Upgrading VS Code breaks when Malwarebytes is running
gmariani405 replied to gmariani405's topic in File Detections
@Firefox Here you go! https://we.tl/t-I61dvpClMU