Jump to content

RobPerkins

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by RobPerkins

  1. I am a home office based software developer for my company. Malwarebytes has flagged one of my new Authenticode code-signed EXEs, which was installed using an MSI package, itself also code-signed, as "Ransomware," under the "Malware.Ransom.Agent.Generic" designation. It removed both the EXE and its Desktop shortcut. The quarantined file, called "SOLIDCast.EXE", launches a second program called which in turn has a function that launches a third EXE file, which in turn launches a fourth. All four EXE files have user interface elements and appear on the screen. The quarantine does not take place until "LASTIT.EXE" has run for a few seconds. In comparison, Malwarebytes does *not* interrupt and quarantine the current commercial version of this software, whose EXE files I am developing a replacement for and which I've also authored. This has been true for over 20 years. The only thing I can think of is that the process launch chain is one EXE greater in the quarantined case. MWB doesn't quarantine any other files. The files are proprietary, so I'm not willing to post them on a public forum, but if you supply an alternate way to communicate about this I'll be happy to use it. I attempted to download and run your logging installer, but, the installer entered an infinite loop and never completed. So I could use some guidance about that, too.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.