raygan

  1. Here is a snippet from the log file but that is all he was able to find... since he has whitelisted the app now it appears to be working for him.

     04/16/21 " 09:00:17.074" 56718 1a34 0534 INFO CleanControllerImpl mb::cleanctlrimpl::utility::FileSignatureVerifier::IsSignatureValidPerWinVerifyTrustImpl "filesignatureverifier.cpp" 350 "WinVerifyTrust failed for file='C:\Program Files (x86)\PFU\ScanSnap\Home\SshCloudMonitor.exe', result=0x800b0100, last error='Geen handtekening aanwezig in het onderwerp. (0x800b0100)'"
     04/16/21 " 09:00:17.074" 56718 1a34 0534 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleCache::GetValueFromCache "hubblecache.cpp" 244 "Found hash 'shuriken|8B045D2AD22044D70088244D055FEB77EF65F84D83B40EFB65F78932AB337ACB' in Hubble cache, white list status = 'WhiteListed'"
     04/16/21 " 09:00:17.074" 56718 1a34 0534 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::HubbleWhiteLister::GetWhiteListStatus "hubblewhitelister.cpp" 245 "Found hash of file 'C:\Program Files (x86)\PFU\ScanSnap\Home\SshCloudMonitor.exe' in Hubble's cache, value = WhiteListed"
     04/16/21 " 09:00:17.074" 56718 1a34 0534 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus "whitelistmanager.cpp" 296 "White list status: File 'C:\Program Files (x86)\PFU\ScanSnap\Home\SshCloudMonitor.exe' 8520B2DFF47EEBD330ED99407E46CD36 (shuriken) => Hubble:WhiteListed"
     04/16/21 " 09:00:17.074" 56718 1a34 0534 INFO CleanControllerImpl mb::cleanctlrimpl::whitelist::WhiteListManager::GetWhiteListStatus::<lambda_4fd8974f0ce770d1d6022064dca8c9fc>::operator () "whitelistmanager.cpp" 237 "Completed single object white listing"
     04/16/21 " 09:00:37.164" 76796 1a34 1f9c INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "aecontrollerimplhelper.cpp" 2591 "App Injected (TAGTHATPHOTO)"
     04/16/21 " 09:00:37.291" 76921 1a34 1f9c INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "aecontrollerimplhelper.cpp" 2591 "App Injected (TAGTHATPHOTO)"
     04/16/21 " 09:01:03.850" 103484 1a34 1f9c INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "aecontrollerimplhelper.cpp" 2591 "App Injected (cmd)"
     04/16/21 " 09:01:04.050" 103687 1a34 5824 INFO AEControllerImpl mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification "aecontrollerimplhelper.cpp" 2591 "App Injected (cmd)"
     04/16/21 " 09:01:30.373" 130015 1a34 20c4 INFO IrisImpl mb::updatecontrollerimpl::IrisImpl::CheckForIrisContent "irisimpl.cpp" 582 "Checking for Iris content files"
     04/16/21 " 09:01:30.378" 130015 1a34 20c4 INFO IrisImpl mb::updatecontrollerimpl::IrisScheduler::run "irisimpl.cpp" 998 "Checking for message updates from Iris"
     04/16/21 " 09:01:30.378" 130015 1a34 20c4 INFO IrisImpl mb::updatecontrollerimpl::IrisImpl::IrisCheck "irisimpl.cpp" 124 "Entering IrisCheck. Checking with Iris for messages."
     04/16/21 " 09:01:30.379" 130015 1a34 20c4 INFO IrisImpl mb::updatecontrollerimpl::IrisImpl::SendIrisRequest "irisimpl.cpp" 155 "Entering SendIrisRequest with URL (https://iris.mwbsys.com/api/v2/messages/mbam-c/668dac80acd436636bfb1f9d37704b65a4205af8?array_compatibility_mode=true)."
     04/16/21 " 09:01:30.381" 130015 1a34 20c4 INFO IrisImpl mb::updatecontrollerimpl::IrisImpl::SendIrisRequest "irisimpl.cpp" 187 "Sending Request to Iris Server."
     04/16/21 " 09:01:31.040" 130671 1a34 20c4 INFO IrisImpl mb::updatecontrollerimpl::IrisImpl::SendIrisRequest "irisimpl.cpp" 209 "Response from Iris: {""message_collections"":[{""id"":2080,""slug"":""expt149"",""description"":""EXPT149 - Short Term CP AV"",""collection_target_id"":40,""conditions"":[{""rank"":""0"",""ref_id"":""0c4a3ade"",""messages"":[2146],""matching_conditions"":[{""matching_operator"":""geq"",""matching_condition"":""0"",""conditional_parameter"":""default_cohort_group_id""},{""matching_operator"":""leq"",""matching_condition"":""3333"",""conditional_parameter"":""default_cohort_group_id""},{""matching_operator"":""leq"",""matching_condition"":""24"",""conditional_parameter"":""hours_since_clean_installation""},{""matching_operator"":""eq"",""matching_condition"":""en"",""conditional_parameter"":""settings_language""},{""matching_operator"":""eq"",""matching_condition"":""true"",""conditional_parameter"":""avcomp_avast""},{""matching_operator"":""eq"",""matching_condition"":""Trial"",""conditio
  2. I'm with the Tag That Photo support group and some users are saying that Malwarebytes is blocking their installation. The following files under the Tag That Photo folder are legitimate. Screenshots attached.
  3. We had a user today report that Tag That Photo was removed as ransomware. Should be no issues with the program - it is scanned regularly by VirusTotal. Please advise.

     ======================
     Malwarebytes
     www.malwarebytes.com

     -Logboekdetails-
     Datum beveiligingsgebeurtenis: 16-11-2020
     Tijd beveiligingsgebeurtenis: 17:22
     Logbestand: e39b4630-2827-11eb-8892-d45d64b5a253.json

     -Software-informatie-
     Versie: 4.2.3.96
     Versie componenten: 1.0.1104
     Update pakketversie: 1.0.32974
     Licentie: Premium

     -Systeeminformatie-
     Besturingssysteem: Windows 10 (Build 19041.630)
     Processor: x64
     Bestandssysteem: NTFS
     Gebruiker: System

     -Details ransomware-
     Bestand: 2
     Malware.Ransom.Agent.Generic, C:\USERS\FILIP\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\Tag That Photo.lnk, Verwijder-bij-herstart, 0, 392685, , ,
     Malware.Ransom.Agent.Generic, C:\Program Files\Tag That Photo\Ttp.Windows.Tray.exe, Verwijder-bij-herstart, 0, 392685, 0.0.0, 1bd822a3a12224fe4ca61ae76b3382a7, 7955a353df539038cc891410c3fe475fd912d4decad356c829d30b7bf2cafffa

     (end)