Gool

Everything posted by Gool

  1. If I run a full scan selecting everything except for "Scan for rootkits", it takes about 30 minutes. When I also selected "Scan for rootkits", it had been running for 15 hours when I had to interrupt the scan because I had to turn my PC off. Why is "Scan for rootkits" exponentially increasing scan time?
  2. So is it a false positive?
  3. Here's the log: "threats": [ { "ddsSigFileVersion": "", "linkedTraces": [ ], "mainTrace": { "ImpersonationSid": "", "archiveMember": "", "archiveMemberMD5": "", "cleanAction": "quarantine", "cleanContext": { }, "cleanResult": "notStarted", "cleanResultErrorCode": 0, "cleanTime": "", "generatedByPostCleanupAction": false, "hubbleRequestErrorCode": 0, "id": "f31967ae-f5ce-11ee-9d33-708bcd0f3022", "igExitCode": "", "isPEFile": true, "isPEFileValid": true, "isWhitelistedByAdsInfo": false, "linkType": "none", "objectMD5": "0D276A70C35107B6C04D90C7460EA409", "objectPath": "C:\\USERS\\<username>\\DOWNLOADS\\X86_64-13.2.0-RELEASE-WIN32-SEH-UCRT-RT_V11-REV0\\MINGW64\\BIN\\GCOV.EXE", "objectSha256": "D9055E70155279563056306E15D9E1EC93C50C8F85A78052C5E630A6355E41D1", "objectSize": 2045440, "objectType": "file", "resolvedPath": "C:\\Users\\<username>\\Downloads\\x86_64-13.2.0-release-win32-seh-ucrt-rt_v11-rev0\\mingw64\\bin\\gcov.exe", "rtpEventType": "other", "suggestedAction": { "archiveDir": false, "chromeExtensionOther": false, "chromeExtensionPreferences": false, "chromeExtensionSecurePreferences": false, "chromeExtensionSyncData": false, "chromeUrlOther": false, "chromeUrlSecurePreferences": false, "chromeUrlSyncData": false, "chromeUrlWebData": false, "disableHubbleWhiteListing": true, "disableSignatureWhiteListing": true, "fileDelete": true, "fileReplace": false, "fileTxtReplace": false, "folderDelete": false, "isChromeObject": false, "isDDS": false, "isDoppleganging": false, "isExternalDetection": false, "isPUP": false, "isShuriken": false, "isWMIEventConsumer": false, "killProcess": true, "minimalWhiteListing": false, "moduleUnload": false, "noLinking": false, "physicalSectorReplace": false, "priorityHigh": false, "priorityNormal": false, "priorityUrgent": false, "processUnload": false, "regKeyDelete": false, "regValueDelete": false, "regValueReplace": false, "shortcutReplace": false, "silentMode": false, "singleDelete": false, "testingMode": false, "treatAsRootkit": false, "useDDA": false, "verifyResolvedPath": true, "whitelistCheckError": false }, "winVerifyTrustResult": { "expectedError": false, "lastErrorCode": 0, "wvtCalled": false, "wvtResult": 0 } }, "ruleID": 1184067, "ruleString": "", "rulesVersion": "1.0.83195", "srcEngineComponent": "ame", "srcEngineThreatNames": [ ], "threatID": 20, "threatName": "Trojan.Downloader" } ] gcov.zip
  4. I downloaded MinGW from the GitHub linked in https://www.mingw-w64.org/downloads/#mingw-builds. After a scan, the file mingw64\bin\gcov.exe gets reported as Trojan.Downloader. Is it a false positive?
  5. So since I choose to not install adware, is it safe to install Cheat Engine?
  6. What is a software bundler?
  7. Here it is: CheatEngine75.zip
  8. Hello! I downloaded Cheat Engine from the official site and it gets reported as malware. It's not the first time I installed it after a Malwarebytes check, and I never saw Generic.Malware.AI.DDS and Malware.AI.317114055. That's from the log file: "srcEngineThreatNames": [ "Generic.Malware.AI.DDS", "Malware.AI.317114055" ], "threatID": 1000002, "threatName": "Generic.Malware.AI.DDS". What does that mean?
  9. Thanks. Just for information. How can you tell it's foisting snake oil?
  10. www.emeraldautocenter.com: its homepage looks clear on VirusTotal. I see an Emerald Autocenter on Google Maps Street View, with this site.
  11. Hi, I accidentally clicked on an ad link on YouTube and I went to https{colon}//www.emeraldautocenter{dot}com/shy/kjo/kjo{dot}php for a few seconds. I scanned the given link on VirusTotal and I got a security vendor detecting "Phishing". Is there a way to scan that link with Malwarebytes?
  12. The first time, when Malwarebytes stopped it, it was running automatically after Tizen Studio installation. The second time, when Malwarebytes did nothing, I ran it manually by double-clicking the exe file. So is Malwarebytes not liking cmd to run the package manager?
  13. I installed Tizen Studio, the official IDE for developing Samsung Smart TV apps, on my new PC. After the installation completed, I ran its package manager to install the proper (official) SDK, and Malwarebytes interrupted its startup because of an Exploit.PayloadProcessBlock. Then, after I ran the same package manager again, it started fully OK, and I was able to install the proper SDK. I also scanned the package manager exe, and Malwarebytes said there are no threats. Can anybody help me understand what happened with the exploit detection? Is it a false positive? Why did it let me run the package manager next? That's the log of the exploit detection. Thanks in advance. 5C7CFED11798F140190EE7098D93E1479ACF469F6C97832E62B8FD2D3EA5EC65 { "applicationVersion": "4.6.7.301", "chromeSyncResetQueryRequested": false, "chromeSyncResetQueryResult": false, "clientID": "", "clientType": "other", "componentsUpdatePackageVersion": "1.0.2222", "coreDllFileVersion": "0.0.0", "cpu": "x64", "dbSDKUpdatePackageVersion": "1.0.79191", "detectionDateTime": "2024-01-03T02:30:06Z", "fileSystem": "NTFS", "id": "02301282-a9e0-11ee-91f7-708bcd0f3022", "isUserAdmin": true, "licenseState": "trial", "linkagePhaseComplete": false, "loggedOnUserName": "System", "machineID": "", "os": "Windows 10 (Build 19045.3803)", "schemaVersion": 20, "sourceDetails": { "type": "ae" }, "threats": [ { "ddsSigFileVersion": "", "linkedTraces": [ ], "mainTrace": { "ImpersonationSid": "", "archiveMember": "", "archiveMemberMD5": "", "cleanAction": "block", "cleanResult": "successful", "cleanResultErrorCode": 0, "cleanTime": "2024-01-03T02:30:06Z", "exploitData": { "appDisplayName": "Java", "blockedFileName": "C:\\WINDOWS\\SYSTEM32\\cmd.exe \\c C:\\tizen-studio\\package-manager\\package-manager.exe", "documentFileName": "", "layerText": "Application Behavior Protection", "protectionTechnique": "Exploit payload process blocked", "url": "" }, "generatedByPostCleanupAction": false, "hubbleRequestErrorCode": 0, "id": "02360426-a9e0-11ee-a82f-708bcd0f3022", "igExitCode": "", "isPEFile": false, "isPEFileValid": false, "isWhitelistedByAdsInfo": false, "linkType": "none", "objectMD5": "", "objectPath": "", "objectSha256": "", "objectSize": -1, "objectType": "exploit", "resolvedPath": "" }, "ruleID": 392684, "ruleString": "", "rulesVersion": "0.0.0", "srcEngineComponent": "unknown", "srcEngineThreatNames": [ ], "threatID": 701, "threatName": "Exploit.PayloadProcessBlock" } ], "threatsDetected": 1 }