
OldMainframeGuy

Honorary Members
  • Posts: 51
Posts posted by OldMainframeGuy

  1. Cli: I rebooted, updated Malwarebytes, restored the quarantined program and retested and all is well. Thanks for the quick resolution. If it's any help, when Malwarebytes flags the program as ransomware, it's at the time when I click on "Delete the files" (e.g. delete the files I've marked as duplicates).

    Rob

  2. Logs attached. Since I originally posted this I updated MB ("Check for update") and re-installed the newer version of DuplicateCleaner5. I am no longer getting the ransomware alert. This was the text from the original alert:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 3/11/22
    Protection Event Time: 2:58 PM
    Log File: 9b5beb04-a175-11ec-bfc0-fc3497a11518.json

    -Software Information-
    Version: 4.5.5.175
    Components Version: 1.0.1621
    Update Package Version: 1.0.52195
    License: Premium

    -System Information-
    OS: Windows 10 (Build 19044.1586)
    CPU: x64
    File System: NTFS
    User: System

    -Ransomware Details-
    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    File: 1
    Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Duplicate Cleaner 5\Duplicate Cleaner 5.exe, Quarantined, 0, 392685, 0.0.0, 8acec432cbc01bcf00ab9c3f1990a5d8, 0c2175649ac0ddd85f7bf14f70ae994e4209a855d85d6aedc12096e321f65830


    (end)

    I hope this helps!

    Rob

    mbst-grab-results.zip

  3. Today I upgraded DuplicateCleaner5 from version 5.0.13 to 5.14 and when I used its 'delete duplicate files' feature Malwarebytes intervened to prevent a ransomware attack - "Malware.Ransom.Agent.Generic". I uninstalled the new version and reinstalled the old and everything is OK right now. I'm thinking this is a false positive since it was downloaded directly from the publisher's site.

    https://www.digitalvolcano.co.uk/duplicatecleaner.html

    I also posted this on Digital Volcano's support forum.

    Rob

  4. Windows 10-64 21H1 w/MBAM 4.4.5. Every once in a while if I start LibreOffice (latest version, 7.2.0.4), MBAM blocks it. Here are the details:

    -Software Information-
    Version: 4.4.5.130
    Components Version: 1.0.1430
    Update Package Version: 1.0.44501
    License: Premium

    -System Information-
    OS: Windows 10 (Build 19043.1165)
    CPU: x64
    File System: NTFS
    User: System

    -Exploit Details-
    File: 0
    (No malicious items detected)

    Exploit: 1
    Malware.Exploit.Agent.Generic, ComSpec=C:\Windows\system32\cmd.exe, Blocked, 0, 392684, 0.0.0, ,

    -Exploit Data-
    Affected Application: LibreOffice
    Protection Layer: Application Behavior Protection
    Protection Technique: Exploit Office WMI abuse blocked
    File Name: ComSpec=C:\Windows\system32\cmd.exe
    URL:


    Attempting to start LibreOffice a second time works. Is anyone else seeing this?

    Rob

  5. Exile360: Thanks for your reply. When I click on the Scan card I do not see a scan in progress when the Update button isn't working - however, I believe that this is related to my torrent program, qBittorrent. When qBittorrent is running, the Update button does not work; if I shut down qBittorrent, the Update button works, so maybe it's related to something Malwarebytes is monitoring within qBittorrent?

    If this is the behavior I can certainly live with it since I'm not running qBittorrent all day.

    Rob

  6. I'm running Malwarebytes Premium version 4.4.0.117, update version 1.0.41943, component package version 1.0.1318 on Windows 10-64 version 21H1. I don't know when this started happening but the "Check for Updates" button on the Settings/General page stops working after the PC has been running for a while; I click on it and nothing happens. If I reboot the PC, the button checks for updates but eventually stops working again.

    Any cures for this? I've tried shutting down Malwarebytes and restarting it but it doesn't help.

    Rob

  7. I've installed the latest version of digiKam (version 7.2.0 from digikam.org). The download suggested this site which was blocked by Malwarebytes:

    https://mirror.math.princeton.edu/pub/kde/ftp/

    I tried an alternate site and that worked. Now when I start the program it wants to download some additional files from the Princeton site and Malwarebytes is blocking the download. Is this a false positive?

  8. I also have an SSD though my PDF documents are on a conventional disk. I just tried this again and noticed that I am no longer having the problem and I definitely was earlier; I tried with several PDF documents. I also notice that when I filed the first post I was on update 1.0.25272; now MBAM is on update 1.0.25284. Is it possible an update fixed the problem?

    Rob

  9. Running MBAM Premium 4.1.0.56, update 1.0.25272, component package 1.0.931 on Windows 10-64 1909. I don't know when this might have started but today I noticed that opening a PDF document with Adobe Reader is extremely slow (20-30 seconds). I opened a document and Sysinternals Process Explorer said mbamservice.exe was using 50% of the machine. I opened MBAM and stopped all of the real-time services and the PDF document opened immediately. I then turned them back on, one by one; enabling malware protection is what's causing the slow opening.

    Is anyone else seeing this?

    Rob

  10. 50 minutes ago, Porthos said:

    I just use what seems to work for me and my clients. Of course, I have lifetime licenses for all my computers and about 80% of my clients do as well. It is a win-win situation for me.

    With the above being said, I would buy the subscription any day if I needed it.

    I couldn't agree more; I also have one lifetime license and I often kick myself for not buying two. Does Malwarebytes offer less protection (or functionality) when running as a "secondary" product alongside Defender as opposed to running it in place of Defender?
