Everything posted by rick87437

  1. WOW, that was a fast fix, many thanks. Just so I understand, is the fix immediately reflected in the software for other users without the need for upgrade? I have presumed this must be so, since so many new threats are detected ("daily, or even dailier") that all of this data must be baked fresh each day. How does that work? Incidentally, I thought I had declined the quarantine, but that was not so --- when I tried to use the software as a test, it was quarantined. I told Malwarebytes to "Restore" it, but the next use popped it back into quarantine. So I added the executable to the "Allow List" and all was okay. Had I not done that, when and how would the "fix" have been felt by me?
  2. I've used the app for years but just today it is flagged as malware and suggested for quarantine (which I declined). Below are the contents of the log file.

     =============
     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 4/12/24
     Scan Time: 8:57 AM

     -Software Information-
     Version: 4.5.33.272
     Components Version: 1.0.2069
     Update Package Version: 1.0.83343
     License: Premium

     -System Information-
     OS: Windows 11 (Build 22621.3007)
     CPU: x64
     File System: NTFS
     User: System

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Scheduler
     Result: Completed
     Objects Scanned: 307218
     Threats Detected: 4
     Threats Quarantined: 0
     Time Elapsed: 3 min, 18 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 4
     Malware.AI.3506250788, C:\USERS\***\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\SpardaSecureApp.lnk, No Action By User, 1000000, -788716508, , , , , 254ED405CBB00EC0791418455E696FBA, 00A6B22C7B347D4DC1A6ADB09C0C36AC9AA1B406683EE0B769A9A4B25F97B0E3
     Malware.AI.3506250788, C:\USERS\***\APPDATA\ROAMING\Microsoft\Windows\Start Menu\SpardaSecureApp.lnk, No Action By User, 1000000, -788716508, , , , , B185F6F6ECE1A6C8F53C1CACB3CFE14E, 2CAF05380B58D8424422C55B0D30D7D79E4C47F835FD271E1CCEA3586F3ABCF7
     Malware.AI.3506250788, C:\USERS\***\DESKTOP\SpardaSecureApp.lnk, No Action By User, 1000000, -788716508, , , , , 461BABAEC1CD1463362604082175CB9C, 0E9B1BB2EF44C45602AF73A4387F20375B49B8C32E17ED71CE55E5B8B1CA7363
     Malware.AI.3506250788, C:\USERS\***\APPDATA\ROAMING\SPARDA\AST-CLIENT\SPARDASECUREAPP.EXE, No Action By User, 1000000, -788716508, 1.0.83343, 200FA786607CE79DD0FD2424, dds, 02776648, EBF6E5C875B5D8E696EB67594ACE2050, F923BF0BEAEF9556FB372BB1F4CD3D7D1DE6C3AE302FA247C0B919E7E4A29FC0

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)
  3. So it is. But that's all there is. Mystery unsolved. Case closed due to insufficient evidence!
  4. Well hidden! In C:\ProgramData\Malwarebytes\MBAMService\MwacDetections, to be exact. Here's the content, for what it's worth (which I suspect isn't much, no url, for instance) and whether this is wise or not:

     ==================
     DCBF3F6900D4827B023F1D2EA87B615BCA695C747F06F24504D9D5DDD4DF2225
     {
       "applicationVersion": "4.5.26.259",
       "chromeSyncResetQueryRequested": false,
       "chromeSyncResetQueryResult": false,
       "clientID": "",
       "clientType": "other",
       "componentsUpdatePackageVersion": "1.0.1976",
       "coreDllFileVersion": "0.0.0",
       "cpu": "x64",
       "dbSDKUpdatePackageVersion": "1.0.72901",
       "detectionDateTime": "2023-07-24T15:48:08Z",
       "fileSystem": "NTFS",
       "id": "7c744df0-2a39-11ee-8ea0-9c5a44142187",
       "isUserAdmin": true,
       "licenseState": "licensed",
       "linkagePhaseComplete": false,
       "loggedOnUserName": "System",
       "machineID": "",
       "os": "Windows 11 (Build 22000.2057)",
       "schemaVersion": 20,
       "sourceDetails": { "type": "mwac" },
       "threats": [
         {
           "ddsSigFileVersion": "",
           "linkedTraces": [ ],
           "mainTrace": {
             "archiveMember": "",
             "archiveMemberMD5": "",
             "cleanAction": "block",
             "cleanResult": "successful",
             "cleanResultErrorCode": 0,
             "cleanTime": "",
             "generatedByPostCleanupAction": false,
             "hubbleRequestErrorCode": 0,
             "id": "7c747636-2a39-11ee-b17f-9c5a44142187",
             "igExitCode": "",
             "isPEFile": false,
             "isPEFileValid": false,
             "isWhitelistedByAdsInfo": false,
             "linkType": "none",
             "objectMD5": "",
             "objectPath": "",
             "objectSha256": "",
             "objectSize": -1,
             "objectType": "website",
             "resolvedPath": "",
             "websiteData": {
               "blockType": 7,
               "ip": "",
               "isInbound": false,
               "port": 80,
               "processPath": "C:\\Program Files (x86)\\eM Client\\MailClient.exe",
               "url": ""
             }
           },
           "ruleID": -1,
           "ruleString": "",
           "rulesVersion": "0.0.0",
           "srcEngineComponent": "unknown",
           "srcEngineThreatNames": [ ],
           "threatID": -1,
           "threatName": ""
         }
       ],
       "threatsDetected": 1
     }
  5. Thanks for your efforts! The trick was to click on the "Advanced" button. Without doing that, I also get details just by clicking "Copy to Clipboard":

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 7/24/23
     Protection Event Time: 5:48 PM
     Log File: 7c744df0-2a39-11ee-8ea0-9c5a44142187.json

     -Software Information-
     Version: 4.5.26.259
     Components Version: 1.0.1976
     Update Package Version: 1.0.72901
     License: Premium

     -System Information-
     OS: Windows 11 (Build 22000.2057)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files (x86)\eM Client\MailClient.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Malware
     Domain:
     IP Address:
     Port: 80
     Type: Outbound
     File: C:\Program Files (x86)\eM Client\MailClient.exe

     Next question: Where does one find that logfile (7c744df0-2a39-11ee-8ea0-9c5a44142187.json)? I was unable to find it in the folders "Users" or "Program Files".
  6. Where would I find such a log? I've clicked around with no luck. And speaking of uselessness, if the deleted message tried to access a site, why is that site not mentioned? The software seems confused (it's at least confusing) by referring to a program as a website.
  7. Malwarebytes popped this up today (see attached screen capture). "Website blocked", it says. But that's no website, it's a mail program that I use and have used for a long time. I was doing nothing special when it popped up, just deleting messages. After I closed the popup without taking action, the program continued to operate normally. Weird. This is Malwarebytes Premium 4.5.26 on Windows 11. Rick
  8. I suspect that this site (combos.org) has been falsely blocked by Malwarebytes. Norton Safe Web says it is okay, for instance.
  9. Please check if seashepherdglobal.org really has a problem. Norton SafeWeb says it's okay, for example.

     ==============
     Website blocked due to malware
     Website Blocked: seashepherdglobal.org
     Malwarebytes Browser Guard blocked this page because it may contain malicious activity.
  10. It's back. I downloaded and installed the latest version of SnapPy for Windows, via the file named "InstallSnapPy.exe" from the horse's mouth ( https://snappy.math.uic.edu/installing.html#windows ). It must be another false positive. But what is behind this? In any case, I hope this can be resolved as quickly (meaning at amazing speed) as last time (thanks for that!). Here are the bits from Malwarebytes:
  11. These files have been living happily on my machine for over a year until today. But Malwarebytes (4.2.3.96) has attempted to ostracize them. I suspect a false positive, but what do I know? The warning and then the quarantine logs are below. I cannot easily give more info due to the quarantine, but the files were installed in Oct 2020, so are most likely the latest, from here: https://github.com/3-manifolds/SnapPy/releases/tag/2.8_as_released (A fresh download of the installer is of the identical size as the one I used.)

      --------------------
      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 2/11/21
      Scan Time: 8:46 AM
      Log File: 31fe36ee-6c3d-11eb-8a96-9c5a44142187.json

      -Software Information-
      Version: 4.2.3.96
      Components Version: 1.0.1122
      Update Package Version: 1.0.36957
      License: Premium

      -System Information-
      OS: Windows 10 (Build 18362.1350)
      CPU: x64
      File System: NTFS
      User: LAPTOP-4G6C63UK\rick

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 339476
      Threats Detected: 3
      Threats Quarantined: 0
      Time Elapsed: 1 min, 22 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry Key: 0
      (No malicious items detected)

      Registry Value: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 0
      (No malicious items detected)

      File: 3
      Malware.AI.3929698541, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\SnapPy.lnk, No Action By User, 1000000, 0, , , , , 268806BCA5F019E2E8FAB3C178421FC9, 1D59436E01352FE740E7BD269B2CDF706B765B3A91093FB1F0EFB09E0B567298
      Malware.AI.3929698541, C:\USERS\PUBLIC\Desktop\SnapPy.lnk, No Action By User, 1000000, 0, , , , , 268806BCA5F019E2E8FAB3C178421FC9, 1D59436E01352FE740E7BD269B2CDF706B765B3A91093FB1F0EFB09E0B567298
      Malware.AI.3929698541, C:\PROGRAM FILES (X86)\SNAPPY\SNAPPY.EXE, No Action By User, 1000000, 0, 1.0.36957, 81C6BDB709D2B932EA3A70ED, dds, 01112063, 5E6E96E3CF05E17F8D7868617BB38407, 641F3E6F223146446524B8023623FCDBFE22A8449407BCB343AAC2DF6BF919D4

      Physical Sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)

      (end)

      ====================
      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 2/11/21
      Protection Event Time: 8:53 AM
      Log File: 4ad8671a-6c3e-11eb-97e1-9c5a44142187.json

      -Software Information-
      Version: 4.2.3.96
      Components Version: 1.0.1122
      Update Package Version: 1.0.36957
      License: Premium

      -System Information-
      OS: Windows 10 (Build 18362.1350)
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Malware Details-
      File: 1
      Malware.AI.3929698541, C:\Program Files (x86)\SnapPy\SnapPy.exe, Quarantined, 1000000, 0, 1.0.36957, 81C6BDB709D2B932EA3A70ED, dds, 01112063, 5E6E96E3CF05E17F8D7868617BB38407, 641F3E6F223146446524B8023623FCDBFE22A8449407BCB343AAC2DF6BF919D4

      (end)