Jump to content

Demonslay335

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral

About Demonslay335

  • Birthday 12/12/1991

Profile Information

  • Location
    USA

Recent Profile Visitors

806 profile views
  1. Our technicians have noticed this on multiple Windows 10 machines we service. If the system is running in Safe Mode (with and without Networking), there is a white bar covering part of the UI towards the top (see attached image). This bar covers the Dashboard button, the result count of a scan, and the tabs when under Settings. Does not reproduce in normal mode. I have not been able to reproduce it on a Windows 7 VM (don't have a 10 VM to test currently). The machine that this was screenshot on was running Windows 10 Version 1709 (Build 16299.248), but we have seen it on multiple Windows 10 machines with the latest build numbers. I have also attached the MB-Check archive from a sample machine (that is super duper infected). mb-check-results.zip
  2. Sorry, replies to this forum don't seem to be going to my email right, even after double-checking settings... Installed beta 5 (by time I got to seeing this post, that's the latest one). Build 0.9.14.361. It quarantined Yafu and ECM, which have never bothered it before. Attached new dump. MBARW-FILES.7z
  3. Another false-positive when SourceTree went to ask for my password to login to a Git repository. Attached MBARW files and the EXE that was quarantined (C:\Program Files (x86)\Atlassian\SourceTree\Askpass.exe). MBARW-FILES.7z Askpass.7z
  4. Must be fun, lol. Here's the three files it quarantined this morning. MBARW-FalsePositives.7z
  5. Blarg, it's going haywire again. Not sure if I should open a new topic since it's different false-positives. MBARW is quarantining Git (bundled with SourceTree) and Microsoft Word, and I think it's trying to mess with Chrome right now since my Hangouts is going nuts. I seem to have trouble with this program when I first startup my system. One thing that might not be helping is that I was working on improving the decrypter for Hidden Tear yesterday; it probably thought that when I compiled the decrypter and then committed to my local Git repository that Git was an infected process. Word was quarantined when I decrypted a .doc file successfully and viewed a preview of it in Explorer. Attached is a new dump. The NvStreamService.exe in the quarantine won't let me restore it, it says there was an error (not too concerned about that one). The others won't let me restore since they are pending deletion on reboot it says. MBARW-FILES.zip
  6. Pretty sure the 0.9.5.304 update fixed this. I restored from the quarantine after updating, and it hasn't triggered MBARW so far. I'll let you guys know if it comes up again.
  7. Thanks Nathan. Sorry for the delay, the forum didn't notify me of your reply, fixed those settings now. I see the procedure was posted just yesterday, lol. Here's the files. MBARWFILES.zip
  8. I've received a "Ransomware Detected" notification after installation of my nVidia graphics driver, and then Intel graphics driver. MBARW seems to not like the streaming service I guess for the nVidia, not sure what of the Intel driver triggered it. The install of the driver and GeForce Experience software completed fine, I got the notification after the installs. Here's the link to the exact file I downloaded from nVidia's website for my GeForce GT 525M on my laptop. http://us.download.nvidia.com/Windows/361.43/361.43-notebook-win8-win7-64bit-international-whql.exe Here's the Intel Graphics 3000 driver I downloaded from Intel's website (I know it's a "previously released" version, but the latest release is having a bug with my system that I'm troubleshooting). https://downloadmirror.intel.com/24696/a08/win64_152823.exe
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.