Darkdirk

Okay great, thanks for the reply. Unfortunately I start getting in my own head wondering things like “gee, of my many many clients that use MBW and MS Office, why has only one had this issue, and why can’t I trigger it again? Is this some sophisticated malware exploiting legit Word or Excel executables to conceal itself? Have I not slept since Monday? What day is it?” So thank you very much for the reassurance.

And just to verify, the fact that searching that MD5 on Virustotal verified that the file in question was the original, legit MS Excel file, is proof positive that the detection was absolutely a FP, right? I just want to make sure I understood that correctly before I hook this thing back up tonight.

Thank you sir for the compliment, and for that additional info. I found the json file and looked up the MD5 on VirusTotal, and as you suspected it was the legitimate excel.exe, not a ransomware. (I was not able to test my 0kB theory as I was unable to trigger a new detection, so I guess that particular mystery will go unsolved) Thanks again for all the help.

No biggie. Thank you for all the info. So in the meantime while you guys are working on the fix, can you enlighten us all a bit as to what triggers this to happen on only some machines, or is it just completely random? Because I have a lot of customers with MBW Premium and Excel, but no one else has had this issue except for one single computer (which also gave me paranoia that it might be a legit threat). Any thoughts why that is?

Hi Tetonbob, thanks for the quick reply. Haha, yes. Yes I do. I want to test my theory so I can definitively reproduce this issue and have 100% assurance that it was in fact a false positive. It was pretty easy to fix once I knew how, so I’m not concerned about it being an inconvenience. I’ve already taken the pc offline and am treating it as infected until I can prove otherwise, so I’ll be no worse for the wear. Thanks again!

Thank you very much for taking the time to explain. That was very informative. I have a theory on what might have happened: 11:10am - MWB detects EXCEL.EXE as ransomware 11:29am - The user then tries to reopen their Excel spreadsheet, which immediately triggers the MS Office installer to try to repair Excel, which I immediately cancel out of. And then for some reason in its attempt to repair Excel, it maybe manages to overwrite the EXCEL.EXE, but is unable to actually complete, leaving the file size at 0? Or maybe it’s because I aborted the repair operation? Obviously that

OK, thank you for the clarification. When you said that it shouldn’t “permanently” affect the Excel file, I wasn’t sure if you meant that as in, Malwarebytes would *temporarily* do something to the file with the expectation that it would eventually be set back to its original state. Thank you.

So has Malwarebytes officially verified this to be a false positive when Excel is detected as Malware.Ransom.Agent.Generic?

I have a technical question about how the Ransomware Protection module works. Specifically, when it detects something and “blocks“ the file, how exactly does it do that? My suspicion, based on recent observations, is that it replaces the file in question with an empty file that cannot be moved, renamed, or deleted. And that when Ransomware Protection is eventually disabled, it releases the hold on that empty file and is supposed to restore it to it’s original state, but I would greatly appreciate if someone could verify that for me. After recently running into this issue myself and searc

I apologize but I was not able to run the support tool on this machine as I had already remotely shut it off for paranoia that it might be an actual ransomware, and not just a false positive. Although based on the number of recent posts involving Excel being detected, I strongly suspect an FP. I very specifically want to know about that 0 kB file, and whether I should be concerned about it, or if that’s just the normal way Ransomware Protection was designed to function. I’m going to create a new post about it since I’m not sure if it qualifies as a different question and might be more hel

Thank you for the reply, Porthos. I was able to repaired, and get excel working again. But I would still like if someone could explain to me what Malwarebytes did to my EXCEL.EXE file. Could someone please verify whether or not Malwarebytes turns it into a 0 kB file, and if so, why?

Like many others in the last few days apparently, I too have been slapped with Excel being detected as Malware.Random.Agent.Generic and swiftly blocked. Also like several others, my Excel program is now broken. Malwarebytes did not quarantine the file, so there was nothing for me to restore. When I went to the MS Office program location, EXCEL.EXE was where it belonged, only it was 0kB in size. I could not move or delete it. I suspect Malwarebytes was locking it up somehow. Following the advice I had seen on a few other recent posts, I rebooted the computer, disabled ransomware

^^^^THIS IS AN EXCELLENT POINT^^^^ I shudder to think how many hundreds of thousands of hours have been wasted by individual users such as ourselves chasing our tails and needlessly replacing hardware / reinstalling entire systems from scratch, and how many others STILL DON’T KNOW why their systems are freezing. And how much of everyone’s TIME AND MONEY could have been so easily saved by a simple email to so-called “premium” customers (something that they already do every few weeks anyway). You guys can keep claiming that it only affects a “very small percentage of users”, but I’m

Yessssss Dave!!!!!! This one thousand percent!!! But also... HOW ON EARTH IS THIS STILL GOING ON??? Seriously Malwarebytes, my trust in you guys is plummeting. Fast. I understand that sometimes these things happen with software. Somehow it slipped through beta testing, OK it happens. And then it gets reported to you and you can’t replicate the problem. A little harder to believe, but fine, I guess it’s possible. But here we are OVER FIVE WEEKS LATER and not only have you not fixed it, but you still barely acknowledge the existence of this bug, and your best fix for it is to hav

I think disabling both will fix it. I haven’t had a single freeze up on any PC since doing that.