
perryb

Honorary Members
  • Posts

    71

Everything posted by perryb

  1. Hello TVK5300, Thank you for reporting this detection. It will be removed in pending definition updates.
  2. Hello Robertiy, Welcome to !! It does appear that we correctly detect the file and, you may also find others to be found upon a deep scan with the latest definitions. If you should notice any other symptoms, could you please follow the instructions below so we can see if there may be anything else present. Since you had deleted the file it will be difficult for us to analyze it, however upon my research it was correctly detected. In the future, it is best to 'quarantine' the files that are found so they can be restored, or analyzed further if necessary. If you should notice any other symptoms, please follow the instructions below. Best regards, Perry

     Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

     Double-click to run it. When the tool opens click Yes to the disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach logs to your reply if possible. Otherwise you may copy/paste the logs directly if you have to.

     Then post a new topic here. After posting your new post, make sure under options, you select Follow this topic button and choose Immediate Email Notification. One of the expert helpers there will give you one-on-one assistance when one becomes available.

     Please refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine. Also, please do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help.

     NOTE: If you're using Peer 2 Peer software such as uTorrent or similar please completely disable it from running while being assisted here.

     NOTE: Please be patient. When the site is busy it can sometimes take up to 48 hours before someone will be able to assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.
  3. Hello Mekinney, Thank you for reporting this to us. Could you please provide the logs and the samples that were quarantined? I have checked the samples provided and I do not see an initial detection on those, so the logs will be helpful in determining the cause of the detection. Please navigate to C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\ Please submit your "Logs" and "Quarantine" folders so we can analyze exactly what has been detected. Thank you in advance, Perry
  4. Hello DamCar, Thank you for using our forums!! From our research, of your log submitted, we have found that based on the following criteria www.malwarebytes.com/pup it is correctly being detected. To ensure that the criteria we have created is prevalent to our policy we follow guidelines. You can read our official statement here: https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/ However, to prevent Malwarebytes from detecting it if you wish to keep the program, you can 'allow it' once a scan has been completed and it will no longer be detected. If you should need assistance with this, you can contact our support department and we will be happy to walk you through allowing it from being flagged. While we work extremely hard to prevent identifying something that should not be, there are occasions this may be true. Should you feel the program does not match the, please provide the files for us so we can ensure it does not match the policy regarding P.U.P. software. If you are the developer of the application being flagged, or you have since fixed or changed the offending criteria, we ask that you please submit an application for reconsideration, please email legal@malwarebytes.com and they will be happy to assist you further. Perry
  5. Hello Jerry, You're very welcome, thank you very much for bringing it to our attention and also discovering new material on our forum. Please let us know should you notice the machine(s) exhibiting any other symptoms or perhaps if you may need additional assistance, or have any questions.. Best Regards, Perry
  6. Hello Cobbgw, Thank you for bringing this to our attention, while we go to extreme lengths to prevent these from being detected on occasion we will detect a legitimate file as due to its behavior or other factors... This will be fixed in the next updates that are released, please let me know if you should notice it still being detected or causing any problems. Thank you for your patience, and using our forums! Perry
  7. Hello kirap8, I had confirmed that the site url that you had posted does host malicious files and they will be analyzed. In addition, I moved your post to our malware removal section of our forum to assist with removing the specific infection you are experiencing, while we also research the samples that are being hosted there. We ask that you not post 'clickable' links to suspected malware/compromised sites to prevent others from being exposed and to upload the URL or sample to http://VirusTotal.com and post the url of the scan results from there. Someone will be in contact with you soon... Sorry for any inconveniences, I also posted a couple links below that you could reference in the future as we encourage the use of our forums for assistance and or sample submissions... Please reference the following on how to provide sample submissions to be analyzed and detect undetected threats from the links below. -Purpose of this forum -Malware Hunters group -Malware hunters please read https://www.virustotal.com/en/url/774576f60f62c870e3ac73759e8fd663fc63258428e597b6c84946167fafed1d/analysis/1475472435/ Perry
  8. Hey Charlie, You're very welcome, thank you for being a member of our forum!! Have a wonderful day! Perry
  9. Hey Charlie, I just wanted to let you know to go ahead and update, and also advise any others that may have had that version/issue installed that it is no longer being detected. Thanks again! Perry
  10. Hey Charlie, You're welcome!! Yes, it did prompt to download/update .net, however we still had errors after updating. This was without 'Real-Time' protection being enabled so that file was not being blocked or removed upon attempting to complete the installation... Also, I did not register prior to attempting the installation, so it is possible that may have been what was causing the errors upon installation, however these were before the options page came up to register, or use an already registered email address... Hope this helps in troubleshooting the installation errors. Perry
  11. Hello Charlie, We were still able to identify the file to be non-malicious, however you could still use the data that Blender provided above to troubleshoot and further development of the application. The file will no longer be detected in v2016.09.29.03, sorry for any inconveniences and thank you in advance! Perry
  12. Hello Charlie, Thank you, we will begin analyzing the files now, and will update you once we have completed... Thank you! Perry
  13. Hello Charlie, Thank you for bringing this to our attention, could you please provide a link to the installation file, or upload the Zac Browser installer in a password protected archive here so we are able to further review how this is being detected? https://support.malwarebytes.com/customer/en/portal/articles/2029551-how-do-i-attach-a-file-to-a-support-ticket-?b_id=6438 Thank you in advance, Perry
  14. Hello Bconner, Thank you for using our forums and bringing this to our attention! We will analyze the site as soon as possible... Perry
  15. Hello Vinodyamala, You will want to ensure that you have protection running, and with current definitions on all machines. It is possible there is a machine on the network that is re-infecting the lync server upon removal, i.e. scan, quarantine it only to re-appear again... I have included an overview of one of the analyses of a Bitcoin-miner sample below, although there are several variations so it would be difficult to provide any more specifics without actually knowing the exact name(s) it is being detected as. In addition the second link I provided will outline the steps to create a new forum post in a different section of our Forum and someone will assist you with attempting to remediate the threat and they also will be able to provide more specifics once they have an opportunity to view the logs and see exactly what is being detected... Information Regarding a variant of BitCoinMiner: https://blog.malwarebytes.com/threats/mobile-pup/ Steps to create a new Forum Post for assistance with Remediation: Please let me know if you should need additional assistance! Perry
  16. Hello Vinodyamala, I am happy to hear that you were able to resolve the problem... It's always important to ensure to update prior to running a scan... Please let us know if you have any other issues. Have a great day, sorry for the inconvenience... Perry
  17. Hello Vinodyamala, Sorry to hear that, I assume you have updated your definitions? If so, could you please provide the sample that is being detected in addition to uploading it to VirusTotal.com. You can restore the file from Quarantine by opening MalwareBytes > History Tab > Quarantine > Check the box for the new detected file. It will place it back in its original location of where it was when it was detected. Then if you could please upload it to http://virustotal.com/ and provide a link to the analysis along with the file being detected. Thank you in advance! Perry
  18. Hello Vinod!! I apologize, I misunderstood. You will want to go to the system that it was detected.

      1. Open MalwareBytes >
      2. History Tab >
      3. Quarantine. > Locate the scan occurring at 9/2/2016 4:46:35 AM & 9/2/2016 5:16:25 AM

      You will then see the file that it had quarantined (if it was indeed quarantined). If so, you would 'check mark' the files originally detected, and choose 'Restore' (as now they should not be detected).

      I noticed that you had provided the file paths when you had initially reported the false positive. I have outlined them below.

      Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined C:\Program Files\Microsoft Office 15\root\office15\orgchart.exe
      Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined C:\ProgramFiles\MicrosoftOffice15\Data\Updates\Apply\PackageFiles\root\Office15\ORGCHART.EXE
      Ransom.Crysis 9/2/2016 5:16:25 AM Quarantined C:\Program Files\Microsoft Office\root\Office16\ORGCHART.EXE
      Ransom.Crysis 9/2/2016 4:46:35 Quarantined C:\ProgramFiles(x86)\Microsoftffice\Updates\Download\PackageFiles\16.0.6965.2076\root\Office16\ORGCHART.EXE

      Please let me know if you have any more questions or need additional assistance. Perry
  19. Hello Vinodyamala, It's hard to say what may have actually 'triggered' that file to be detected... There was something within his file that matched our definition triggering the detection. Also, despite having the same file, and perhaps the same version, but the data contained within it may be different than the one that is on yours. This would trigger the detection only on his system, and not yours as there was something within his file matched our rule... Also, it's possible that you may have had different database updates, or software versions, but most likely it was just a difference between the two files. Please let us know if you should still have any questions, or need additional assistance... Thank you for bringing this to our prompt attention and being a forum member! Perry
  20. Hello, Thanks again for letting us know. No, It's never a good thing when the work phone goes off at 3:00am, that's for sure!! We are always monitoring for the possibility, so we can reverse it as soon as possible. In addition, we are reviewing it so we can try to prevent it from happening in the future. Please let me know if you should have any questions or need additional assistance. Thank you for being a member of our forums!! Perry Bonnell
  21. Hello mannymanWarrior, Thank you for bringing this to our attention. It was indeed a False Positive, and we have corrected it. Please update your definitions to v2016.09.02.04 prior to running a subsequent scan. Once they have downloaded, your next scan should not detect that file... Thank you very much for bringing this to our prompt attention! Perry Bonnell
  22. Hello Saue, I wanted to let you know that we have removed it from our database and to continue to check for updates until you receive v2016.09.02.04 prior to running a subsequent scan. Once they have downloaded, your next scan should not detect that file again... Thank you very much for bringing this to our prompt attention! I assume that you are familiar with restoring the file from Quarantine? If not, please feel free to contact us or reply back to this thread should you need assistance doing so, or if you have any other questions. We thank you very much for using our forums and bringing anything that you find suspicious to our attention, no matter how minimal it may seem... Thanks Again, have a wonderful day! Perry Bonnell
  23. Hello Saue, Thank you for the file, it is indeed a false positive and will be removed in the pending definitions. Thank you for advising us of this detection! https://www.virustotal.com/en/file/069e3d9eedc5a9b8b07e76b45fc80acafdba3c76a560606d3123edbd442c5f67/analysis/1472799462/ 069e3d9eedc5a9b8b07e76b45fc80acafdba3c76a560606d3123edbd442c5f67 MD5 3cf539b267abdf71ff5ae5bf63310c71 Detection ratio: 1 / 57 First submission 2014-03-14 04:39:18 UTC ( 2 years, 5 months ago ) Last submission 2016-09-02 06:57:42 UTC ( 49 minutes ago )
  24. Hello Saue and Thank you for using our forums, please allow a moment for me to analyze the file and I will update you with my findings momentarily... Was anything detected during a scan? I have not looked inside your archive yet.. Perry Bonnell
  25. Hello mogo, I understand.. If you should notice them being detected in the future please let us know, and just 'cancel' the scan if they are found detected to prevent deletion or modification to them.. Again, you can always add the entire folder, or single files to the excluded list, but that would prevent them being scanned. If perhaps you would get infected with a file infector which would infect all files from which would be on the particular partition Windows and other programs are installed.. Should they be detected in the future, you can always send us a file to ensure it is a false positive or if indeed is infected.. Please let me know if you should have any additional questions or assistance! Perry