blender

The newer version you posted is not detected so it is good to go. To help explain these "MachineLearning" or "Suspicious" detections... Please see: Thanks for reporting!

u, u(1) fixed. Looking at u(2) I think most of the AV at Virustotal hate it because 1, it is packed, 2, it alters proxy settings. It might take a few minutes for MBAM to see the fix on your end.

Hello, Can you attach the u.zip please? I'd like to make sure it is the same file you attached last time or if it is an updated one. This is a Heuristics detection which is designed to target 0-day malware so although not very common, once in a while we still have false positives with this. Thanks!

Cool. It must have needed to restart MBAM to make it work right. Thanks for reporting back.

Thanks! Let's try shutting down & restarting MBAM & give it another try? Right click MBAM by the clock>> Shut down Malwarebytes >> give it a few seconds to exit. Restart it again by clicking the desktop icon or start menu icon. Try scan again. You might have exclude the bat file as well (because it writes the reg keys we detect) Settings>> exclusions>> exclude file or folder>> navigate to the file in c:\windows, choose it & click "open". Follow the MBAM prompts to finish setting up the exclusion.

Hello, Go to C:\Windows Locate WUTRefresh.bat, right click it >> send to >> compressed (zipped) folder. It should indicate this happened. Come back here..& in your reply, click the "choose files" and an explorer window opens. Navigate to c:\windows >> locate WUTRefresh.zip, click "open" which should attach it here. Thanks!

Hello, Can you zip up & attach that bat file please? Because there are multiple malwares that use that particular registry key to block Windows Update from working, fixing it on our end is not probable. However, you can whitelist it on your end next time you scan so you don't see the detection any more. Next time the scan runs & detects the above entries, uncheck them, then hit "next". You should get the option to ignore once, ignore always or cancel. Hit "ignore always", then next. You should be told scan/clean is complete. Next scan should run clean.

@concernedboi - sorry not sure why I couldn't tag you above ^^

@concernedboi - new cmd window is fine. One space between each part of the command. Looks like the forum software messes up the formatting & is adding bunches of extra spaces. This is what mine looks like:

@Raxrtos - yes it is safe to restore the items back.

@Logus Yes, they are. They will no longer be detected either with this update

Hello again, Please make sure you have the following database updates! MBAM1x/2x v2018.11.16.06 was published at 11/16/2018 11:42:24 PM (UTC) MB3 1.0.7883 was published at 11/16/2018 11:56:24 PM (UTC) It was JUST published so may take a few minutes for you to see it on your machine. Thanks again for reporting!

Thanks for reporting. An update is going out as we speak!

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. It's also always a good idea to digitally sign the files. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

Hello, Can you zip & attach the exact file detected please? Thank you,