blender

It's all good. We get emails of post reports so they can be dealt with quickly.

Hello, Can you zip/attach a couple dll or exe files from this directory on the USB drive please? D:\x64\SOURCES\ They have to be zipped or they will be rejected here. It is quite possible there is some sort of encryption/protection on the USB to prevent anything else from tampering with it (including removal of files which is what MBAM was trying to do because a rule matched making it act on the file as though it were infected) Thank you

What was the file referenced in the 0xc0000225 error message you keep getting? Not sure I want to (or can) get into t-shooting session here but will throw a site at you I found looking up that error code which might steer you in the right direction. https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/windows-failed-to-start-status-0xc0000225/4ea8f97e-10df-4bbb-ac0f-5402a6b164b4?auth=1 Some of the responses touch on UEFI mode. Might want to check BIOS to see if it is set up like that. According to the materiel.net site, the USB key does not support UEFI mode.

Thank you for the site info. No, we don't believe the file to be a threat but we're still looking at it to determine why it looks like it is corrupted. Is this the Windows 10 Home 32/64 bit USB key?

Hello again, Next update this will be fixed.

Indeed that was the same file I found in search. Thanks. Think I found the file that is known clean/non corrupt for comparison. Compare the "details" with this one: https://www.virustotal.com/#/file/ab9047b9e8ed56e76609458da89ac641eb2a9fa90c8ea02c031e32ceaa378be9/details Notice how VT can pull up version info, digital signature, Sections and all that.. your file from the link you posted it cannot. How did this USB get created? I'm curious because the rule that is hitting on your file is a few years old & first time we are seeing it reported & I am interested in how that file got mangled. Is there a site you can direct me to that you used to help with creating this USB ? Thanks

Think I found the file on virustotal. We're looking into it. First glance the file looks to be corrupt & I question its ability to be executed by Windows if you did successfully re-install the OS.

Hello, can you copy the win32ui.dll to someplace on your machine, zip it & attach here please? If that is difficult, please scan it at https://www.virustotal.com/#/home/upload & post the resulting link Thanks!

Sweet! Thanks for the update.

Let's try this: 1. Totally exit/shutdown Malwarebytes. 2. Go to here in explorer: 3. C:\ProgramData\Malwarebytes\MBAMService 4. delete the following file only: hubblecache. it doesn't have a file extension 5. Then you can restart MBAM and the cache file will rebuild on the next scan.

Fixed it again. No detections here. Can you confirm please? Might take 10 minutes for your copy of MBAM to "see" the update.

checking..

Hello, We have reviewed your application against our new PUP detection criteria and found it to trigger on a few criteria. https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/ The detection is correct and not a false positive. We will continue monitoring your application and if we notice a change in the behaviour we will review it again.

Hello, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. Please see: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/

The newer version you posted is not detected so it is good to go. To help explain these "MachineLearning" or "Suspicious" detections... Please see: Thanks for reporting!