blender

Staff
  • Content Count

    1,099

Everything posted by blender

  1. Hello, We are in the process of reviewing this application. Please keep in contact with us through the ticket you opened. You and the PUP Reconsideration team can continue the discussion there. For reference, the ticket number is 2587256. I'll close this thread. Thank you,
  2. The detection was only added recently. You can create a help ticket here: https://support.malwarebytes.com/community/contactsupport/pages/home-support
  3. Hello, This is not a False Positive. Please see this article: https://www.malwarebytes.com/pup/ If you want to keep the program, you can add it to exclusions. Windows Update can update your system drivers though as well as the computer manufacturer. If you need assistance setting up exclusions, you can contact support for help.
  4. Hello, Sometimes it takes time for them to reply. I'll contact the ones responsible for that mailbox & they should reply before too long. Thank you for your patience. Locking this topic so communication can continue in your ticket.
  5. It's all good. We get emails of post reports so they can be dealt with quickly.
  6. Hello, Can you zip/attach a couple dll or exe files from this directory on the USB drive please? D:\x64\SOURCES\ They have to be zipped or they will be rejected here. It is quite possible there is some sort of encryption/protection on the USB to prevent anything else from tampering with it (including removal of files which is what MBAM was trying to do because a rule matched making it act on the file as though it were infected) Thank you
  7. What was the file referenced in the 0xc0000225 error message you keep getting? Not sure I want to (or can) get into t-shooting session here but will throw a site at you I found looking up that error code which might steer you in the right direction. https://answers.microsoft.com/en-us/windows/forum/windows_10-windows_install/windows-failed-to-start-status-0xc0000225/4ea8f97e-10df-4bbb-ac0f-5402a6b164b4?auth=1 Some of the responses touch on UEFI mode. Might want to check BIOS to see if it is set up like that. According to the materiel.net site, the USB key does not support UEFI mode.
  8. Thank you for the site info. No, we don't believe the file to be a threat but we're still looking at it to determine why it looks like it is corrupted. Is this the Windows 10 Home 32/64 bit USB key?
  9. Indeed that was the same file I found in search. Thanks. Think I found the file that is known clean/non corrupt for comparison. Compare the "details" with this one: https://www.virustotal.com/#/file/ab9047b9e8ed56e76609458da89ac641eb2a9fa90c8ea02c031e32ceaa378be9/details Notice how VT can pull up version info, digital signature, Sections and all that.. your file from the link you posted it cannot. How did this USB get created? I'm curious because the rule that is hitting on your file is a few years old & first time we are seeing it reported & I am interested in how that file got mangled. Is there a site you can direct me to that you used to help with creating this USB? Thanks
  10. Think I found the file on virustotal. We're looking into it. First glance the file looks to be corrupt & I question its ability to be executed by Windows if you did successfully re-install the OS.
  11. Hello, can you copy the win32ui.dll to someplace on your machine, zip it & attach here please? If that is difficult, please scan it at https://www.virustotal.com/#/home/upload & post the resulting link Thanks!
  12. Let's try this: 1. Totally exit/shutdown Malwarebytes. 2. Go to here in explorer: 3. C:\ProgramData\Malwarebytes\MBAMService 4. Delete the following file only: hubblecache. It doesn't have a file extension. 5. Then you can restart MBAM and the cache file will rebuild on the next scan.
  13. Fixed it again. No detections here. Can you confirm please? Might take 10 minutes for your copy of MBAM to "see" the update.
  14. Hello, We have reviewed your application against our new PUP detection criteria and found it to trigger on a few criteria. https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/ The detection is correct and not a false positive. We will continue monitoring your application and if we notice a change in the behaviour we will review it again.
  15. Hello, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. Please see: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/
  16. The newer version you posted is not detected so it is good to go. To help explain these "MachineLearning" or "Suspicious" detections... Please see: Thanks for reporting!
  17. u, u(1) fixed. Looking at u(2) I think most of the AV at Virustotal hate it because 1, it is packed, 2, it alters proxy settings. It might take a few minutes for MBAM to see the fix on your end.
  18. Hello, Can you attach the u.zip please? I'd like to make sure it is the same file you attached last time or if it is an updated one. This is a Heuristics detection which is designed to target 0-day malware so although not very common, once in a while we still have false positives with this. Thanks!
  19. Cool. It must have needed to restart MBAM to make it work right. Thanks for reporting back.
  20. Thanks! Let's try shutting down & restarting MBAM & give it another try? Right click MBAM by the clock>> Shut down Malwarebytes >> give it a few seconds to exit. Restart it again by clicking the desktop icon or start menu icon. Try scan again. You might have to exclude the bat file as well (because it writes the reg keys we detect). Settings>> exclusions>> exclude file or folder>> navigate to the file in c:\windows, choose it & click "open". Follow the MBAM prompts to finish setting up the exclusion.
  21. Hello, Go to C:\Windows Locate WUTRefresh.bat, right click it >> send to >> compressed (zipped) folder. It should indicate this happened. Come back here..& in your reply, click the "choose files" and an explorer window opens. Navigate to c:\windows >> locate WUTRefresh.zip, click "open" which should attach it here. Thanks!
  22. Hello, Can you zip up & attach that bat file please? Because there are multiple malwares that use that particular registry key to block Windows Update from working, fixing it on our end is not probable. However, you can whitelist it on your end next time you scan so you don't see the detection any more. Next time the scan runs & detects the above entries, uncheck them, then hit "next". You should get the option to ignore once, ignore always or cancel. Hit "ignore always", then next. You should be told scan/clean is complete. Next scan should run clean.