Jump to content

JfB

Members
  • Content Count

    11
  • Joined

  • Last visited

Community Reputation

0 Neutral

About JfB

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi, MBARW Beta 0.9.17.661 flagged PHP.exe as ransomware. See attached files please. Would it be possible to allow to restore the quarantined file without requiring a reboot? When restored, php.exe lost its original modified date. Is it possible to restore the dates as well in future versions? Malwarebytes Anti-Ransomware.zip MBAMService.zip php.zip
  2. Hi 1PW, I'm afraid I don't have access to the infected computer anymore. I read about how to report a threat. I can't achieve the very first step, i.e.running the trojan against MBAM: Windows deletes the file immediately after unzipping. This is not a test computer and I won't go any further. Let me know if you want the zip file as is. I've got a follow-up question: On the infected PC 1,800 files were lost before MBARW killed the trojan. Apart from having backups, are there guidelines on how to organize folders and / or facilitate MBARW detection process?
  3. I had the opportunity to test a ramsomware on a Windows 10 computer where MBARW Beta 0.9.16.484 was running. - tyrik.exe (I can provide you with a zip encrypted archive) on a USB key - Windows 10 Enterprise up-to-date - running as a standard user, not admin Windows Defender already knew the signature of tyrik.exe and quarantined it at once I had to login as admin, disable Windows Defender, then switch back to std user to perform the test I executed tyrik.exe, was prompted by Windows to execute the program (the usual warning where you must enter the admin password to contin
  4. Thank you 1PW, I managed to make it work again before viewing your post, more or less the same way that you described: - Uninstall - manually delete the directories (safe mode wasn't required) - restart - login as admin - I didn't re-download a fresh copy, I used the one I backed up from previous download, it was up-to-date judging by version number - I didn't right click the exe and Run as admin, I've just run it - I restarted the computer just after Do you want me to try "Stop Protection"? Or do the re-install just like you described? I'm under the impression that "
  5. Hello 1PW, yes you are correct, this is about ARW Here are the 2 zips Malwarebytes Anti-Ransomware.zip MBAMSERVICE.zip
  6. update: uninstall / re-install doesn't change a thing, now the protection is disabled with no obvious way to activate it
  7. Further info: MBAR 0.9.16.484 I killed the task via taskmgr I restarted it via Startup folder, now it says "AR Protection is disabled' Start Protection has no effect, via the menu, Fix now or right-click It stays disabled I guess I have to re-install the product
  8. Hi, I'm running MBAR in Windows 7. When I click on "Stop Protection" nothing happens
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.