
Ut1234

  1. I think I'll keep that setting on just so I'm safer overall, but it's nice to have this information on how to turn this off should Malwarebytes make it hard to use the PC going forward. Thank you for the information, but I do wish for the devs to be aware of this probably niche false positive.
  2. As far as I am aware, I have not changed any settings in Malwarebytes at all aside from switching to dark mode.
  3. Is it necessary to reinstall MB for a false positive like this or is this indicative of something more serious?
  4. I was getting a different language keyboard pack installed and when I pressed Alt+Shift, Windows gave me a box that let me open the Windows 10 language hotkey window. Malwarebytes detected it as an exploit. false positive windows hotkey.txt
  5. Malwarebytes found 14 various files in Visual Studio related folders named payload.vsix. No idea if they're actually malicious or not but just the name payload freaks me out a bit.