HighTide

Everything posted by HighTide

  1. Can you confirm if the file was a false positive? I just want to know if I should change passwords as a precaution.
  2. Sometime between November 2nd and November 8th, it appears that Malwarebytes' definitions changed to detect Nymaim.Trojan on the aforementioned file. I'm led to believe this is a false positive as no other engine detects on this file (I ran it through VirusTotal) and the file itself has not been run/interacted with in over 8 years, in addition to previous scans by Malwarebytes not detecting this file. Is it possible to confirm if this file was falsely detected so that I know if I need to change any account passwords? PYTHONSERVICE.zip pythonservice_fpreport.txt
  3. I'm not entirely sure what's happened, but it seems like he either didn't get the message or lost it with other messages. Should I continue updating this topic?
  4. Sorry, but should I go on and create another topic? Not sure if this just got lost or something.
  5. It works now, but for some reason it was still triggering earlier. Not sure what changed, but thank you for helping me out. Always get a bit unsettled when my AV says I have a virus.
  6. The fix seems to have worked for the one file uploaded, but the other three detections of the same file in different locations are still triggering. VirusTotal doesn't trigger on them individually, so I've gone ahead to zip them up separately and attach them to this reply, since the problem still doesn't seem resolved. false_positives.txt false_positives.zip false_positives_1.zip false_positives_2.zip
  7. I'm pretty sure this detection was a false positive, because the program in question was a C++ program I made way back when I was trying to learn the language. For that matter, Malwarebytes didn't even detect on the main version of the executable, and only the version with debugging symbols included. I've attached a copy of the scan log and a zip of the file(s) in question (the scan log shows 4 detections, but these are made on copies of the same files spread out across 4 locations on my system). Could you please confirm that this is a false positive? The latest database update didn't fix them for me. false_positives.txt false_positives.zip
  8. Thanks for the clarification. I've attached the exported + zipped reg file to this reply. Do you need anything else? winlogon.zip
  9. As of the latest update, the two previous PUP.Optional.Legacy detections have vanished, so the only remaining one is the PUP.Winlogon.Heuristic. I'm not entirely sure what you mean by an export of the key, but the object it was complaining about (Userinit) is defined as follows: "C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe," Personally I think it's just triggering on the fact that another program is in the registry key aside from userinit.exe.
  10. I've been running Adwcleaner pretty regularly in the past (about once a month), but this is the first time Adwcleaner has reported having such problems on my computer. I don't have access to a previous version to try and confirm a FP that way, but looking at the registry keys themselves makes it seem that way, since it's complaining about my Cisco VPN software, Windows SysAppTray, and the HP Security Manager linked to my Winlogon. Malwarebytes reports no other problems on my computer, so are these just false positives that I can safely ignore, or are they bigger threats that I should be concerned with? AdwCleaner[S00].txt
  11. Sorry to revive this, but I never got an answer for my last question. I'm still worried to turn my computer on. Is it normal MalwareBytes procedure to, when quarantining a file, not move the file itself but instead change access permissions? That's what happened on my machine.
  12. Thanks for the help thisisu! Just one last question. Whenever the notification for the Ransomware quarantined popped up, the file was never actually removed or anything. Rather, its privileges were just changed. Is that how MalwareBytes handles quarantine, or would that be another issue?
  13. I've tried performing a fresh install twice now, and the issue seems to have subsided. Would you say that the previous attempts by MalwareBytes were what was causing pacman.exe to lock up and ignore administrator actions? If not, would anything in the attached logs cause that? It's the only thing that is still bugging me, as I can't figure out why pacman suddenly ignored everything I tried to do. MBAMSERVICE.LOG
  14. Hello thisisu. I've tried reinstalling MSYS2, but have faced the same exact issues as prior. I've attached the notification png, the proof of ignoring admin rights, and the running process after notification. I've also included the directory after the notification, and the pacman.exe file prior to it ignoring my admin rights, but cannot include the current pacman due to it ignoring my admin rights. This was done from a fresh install of MSYS2, with no prior software on the computer. If you can, please advise me on where to go from here. So far, it seems that I'm the only one getting this issue. notification_reduced.7z
  15. I was unable to get a screenshot, but I was able to trigger it again. Like before, the program locked and disallowed any modifications/actions until reboot, despite having administrator access. Here is my copy of the program, though it can be obtained through following the fresh installation procedure for MSYS2. pacman.7z
  16. Hello MalwareBytes. For the past several days, MalwareBytes has repeatedly identified my installation and upgrading of MSYS2 (specifically pacman.exe) as ransomware. I've had the unusual problem, however, of MalwareBytes causing pacman.exe to ignore my administrator rights completely, and being unable to quarantine or scan the file until a restart is performed. Malwarebytes Anti-Malware does not identify the file as a threat, only MalwareBytes Anti-Rootkit after launching pacman.exe, but does not record any such notification in the logs. If I can trigger the notification again, I will attach a screen shot.