hza
-
Posts
23 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by hza
-
-
And I forgot to mention: the software now starts automatically. I don't get the warning that the system is on risk.
Well, without the exclusion of explorer.exe and TheBat.exe (email client) the tasks were terminated (Thebat put into quarantine when purging it's message bases). Also the files were already listed as excluded ones (perhaps you remember by screenshots) I had to re-enter the files and now it works without problems.
-
The Malwarebytes Anti-Ransomware Beta 0.9.15.416 runs very smoothly here.
After I entered the files to be excluded manually again (after updating from 0.9.14.361) the exclusion works very fine and there were no more false positives reported and it also works fine together with another internet security software.
-
Thanks for your feedback!
Here are the requested files.. This morning I had some problems with the actual beta software
It considered the purging of The Bat message's bases as ransomware activity and put the the Thebat.exe in quarantine (even this file was already excluded - and virustotal.com showed no infection of it). Worse: after the requested reboot of the computer it encountered an error and did not start again Another reboot (well, a real hardware reboot with power off for some minutes) neither resolved the problem. So I had to remove the software and install it again. Bad: the file in the quarantine was gone and I had to repair / re-install TheBat Again I added all the lost filenames in the "exclusions section" of MBARW and now TheBat starts fine
and even purging of it's message bases is allowed.
Since I made a ZIP file the requested folders already yesterday I can provide you yesterday's (filename starting with 160331 and today's (160401) archives..I know they actual logs should contain all details of yesterday's archive.. but just in case something went wrong with re-installing the software....
PS: I noticed a huge difference in file size of the MBAMService Zips.. one file (a zip file in the TMP direcotry) in today's archive is gone.
-
I just wonder why explorer.exe was again discovered as ransomware when it was already white listed?
-
In the meantime I saw that a new beta (beta 6, build 0.9.15.415) is available. I updated the software and I was not able to reproduce the error again.
-
I got a new warning that EXPLORER.EXE (while deleting files in a folder) was detected as a ransomware and moved to the quarantine.
Problem: c:\windows\explorer.exe is already listed as an exclusion.
A scan of c:\windows\explorer.exe with virustotal.com showed that it is clean
So I wonder: is the exclusion of files really working at the moment? And again I ask politely the developers to add the full path info, when a ransomware was detected
-
FYI: the system restart solved the problem. In the last couple of hours my anti virus software scanned the drives and did not find any suspect files.
PS: it seems you know my system now much better than me
-
I hope this is not kind of built in Easter Egg
Something new happens this morning... several times in a row pop ups appear telling he some ransomware was detected and moved to quarantine, but no process name is given and the quarantine folder is empty (btw: does this feature already work? never had any process listed there?)
Even while writing this message a new detection note (Screenshot2703-004.jpg) appeared. I already have included the log files.
FYI: The reason for this (false) alarm might be caused by "Advanced Renamer 3.70" which I used before the alarm popped up and which was closed for a second when the alarm went on. My computer was scanned using the "fast scan" of Kaspersky Internet Security and the file seems to be ok, too https://www.virustotal.com/en/file/9976c9b78985a9d243877eb7b157edb8bd3f9dd8fc2767f833d9a20ccb4015a9/analysis/1459069281/
Another possible software causing these false alarms (the notes still appear!) might be Bath Purifier which I used before the popup appeared... but this file is clean, too https://www.virustotal.com/en/file/c628eb9995c44340884947f1f770ff2fdccd8c9403ee8f957b8aa9d4f3a1e3f6/analysis/1459069485/
Since the messages still appear I have to reboot the computer,now
-
Here are finally the two archives you have asked for .. Sorry for the delay.. At the moment the software starts automatically without any problems when the computer starts / is rebooted.
Hope everybody here is having a Happy Easter!
Thanks 1PW for your patience with us users
-
Thanks for your kind answer, 1PW.. but after clicking for the third time on the "Start Protection" link the software finally decided to activate the real time protection mode WITHOUT having to re-install it. Of course the software was installed with Admin rights and it worked fine for some time until suddenly something made it upset and it did decide not longer to start the protection.
For the developers of the software it's surely very difficult to find the solution why it behaves in such way
Everybody: have some wonderful holidays! Happy Easter Time!
-
It seems I was wrong.. restarting the computer again the message "Your computer is at risk" came again..
-
It's me again
This morning MARB came up (again) with the notice that the real time protection is not active.(This message did not appear for some time.)
I noticed when I click the red "FIX NOW" button the real time protection comes active, but only for this session. I have to click the smaller link "Start Protection" so that the software automatically starts with the computer
I wonder if this is just coincidence or a logic error..
-
1 hour ago, 1PW said:
C:\Windows\explorer.exe
The file c:\windows\explorer.exe WAS already added to the exclusion list and still it was (falsely) detected as ransomware. This is the list off all files listed as exclusions.
-
Sorry, I did not see this request
But finally here's the requested explorer.exe from the c:\Windows folder
-
Thanks for your reply.. Here are the two archives you asked for.
Additional info: explorer.exe in the win system folder was added to the exclusions before (it was the second time Anti-Ransomware tried to move explorer.exe to the quarantine folder).
-
Win10. Anti Ransomware Beta 0.0.14.361
The task explorer.exe was detected as ransomware while emptying the recycle bin
-
Can you please add the full path of detected ransomware? I had the false positive alarm of explorer.exe (see https://forums.malwarebytes.org/index.php?/topic/179646-false-positive-explorerexe/#entry1023298 ) and first I did not know if it was a false positive or the ransomware was using a well known filename. It would be much easier to decide if it is really a correct alarm.
-
PS: the detection / false alarm happened while Kaspersky Internet Security was scanning the computer for rootkits.
-
This alarm makes me think: wouldn't it be better when the FULL filename INCLUDING THE PATH would be displayed??
-
This morning MARB decided to block TheBat Email client V6.52
The software was not put into the Quarantine folder, after the computer (win10 pro, 64b) was restarted the software did work again.
-
I do have the same problem on a WIN10 pro computer which was updated from a WIN7 pro system.
-
When deleting lots of images using Polybytes Polyview64 software on a Windows10 computer Anti-Ransomware 0.9.14.351 reports the software as a Ransom software and claims it was put into quarantaine, which did not work. The execution of the Polybyte software is not possible until Windows was rebooted.
Screenshot:
It considered the purging of The Bat message's bases as ransomware activity and put the the Thebat.exe in quarantine (even this file was already excluded - and virustotal.com showed no infection of it). Worse: after the requested reboot of the computer it encountered an error and did not start again 
and even purging of it's message bases is allowed.
Feedback: works without any problems
in Anti-Ransomware Beta
Posted
I am using the beta version of Malwarebytes Anti-Ransomware on a computer with Win10 for some time. Now I added an older computer running Win7 prof 64bit in the network and installed the latest version of Malwarebytes Anti-Ransomware (which is probably beta 0.9.15.416) and this version works without any problems (had some problems with older betas reporting false positive warnings). Even deleting / moving lots of files over the network works very fine.