tuyen

Sorry, but this IS in fact a bug. It only started happening recently with the 1.60.0.1800 update. The previous versions never had this problem. I'm VERY familiar with how long the process should take because I'm a power user and I disable and enable the website blocking option many times every day, and it was ALWAYS instant to respond. Look at the thread - don't you notice that people started complaining about the exact same behaviour all within the last few days? Doesn't that give you a clue that the problem is new? I uninstalled and re-installed. Nothing changed. I uninstalled again, and even went through my registry and manually ripped out anything having to do with Malwarebytes. Then I re-installed again. Nothing changed. I'm still unable to use the website blocking feature. As a result of this, today I was infected with CONSRV through an infected website which never would've happened if the blocking feature was working. The ironic thing is that I had to clean CONSRV manually by myself from my system and had to edit the registry to restore it to its original state because Malwarebytes doesn't seem to think that CONSRV is a threat.

Perfect! Everything's working now without any warning messages. So if I would've added version info to the executable, it wouldn't have triggered the warning? That's good to know for future reference. Thanks for the very quick response and fix.

Thanks for the reply and for your assurance. However, my experience tends to disagree with your statement. Please find attached a zip file containing 4 different test files. Each of them are completely clean, very simple programs, with totally different purposes. The only thing they have in common is that they've all been compressed with UPX 3.07. When I compile the files and run them, they do NOT trigger the Malwarebytes warning message. But as soon as I compress them, all four of them trigger the exact same warning message (TROJAN.DOWNLOADER). UPX_FalsePositives.zip

I have two questions: 1) Can you guys please update your scan algorithms so that they don't freak out every time a UPX header is detected? I'm a software developer, and I can confirm with 100% certainty that any EXE file compressed with UPX will trigger a warning with a "TROJAN.DOWNLOADER" message, even if the file is perfectly clean. 2) Why is Malwarebytes randomly popping up warning messages about files which are not being executed? The message says that Malwarebytes blocked a file which was attempting to run, but this is absolutely not true, because those are my own executables which I created and placed them into my C:\Temp directory for testing purposes. They are NOT resident in memory, and there's nothing else which is attempting to load them, so why is Malwarebytes being triggered?

I wasn't rude. I was being factual and direct. I explained the exact solution to your problem. If you don't like it, that's fine, but don't blame other people for YOUR problems. Malwarebytes did NOT give you a false alarm. It CORRECTLY blocked an IP range which is KNOWN to host malware. If your site is hosted in that IP range, then you have two options: 1) complain to your host and tell them to STOP allowing malware to be hosted 2) move your site to another host I think you're full of stuff. I've NEVER experienced that problem. When Malwarebytes blocks a web site, I can ALWAYS go to the site successfully after I disable the "Website Blocking" feature. I've never had any problem with it, and if you search these forums, you will see that nobody else had any problems either. It's only YOU who claims that it was necessary to uninstall the program, and that's why I think you're full of stuff.

Stop whining. He already explained it to you. Your site is being hosted on a server where malware is being distributed. If you want don't want your site to have a reputation as being associated with malware, the solution is simple: find a respectable host which doesn't allow malware sites. And for the other guy complaining about the site being blocked, you should educate yourself first on the features of MalwareBytes. You can right-click on the MalwareBytes icon in the system tray, and turn off "Website Blocking". If you turned it off and the site is still being blocked, then your system is probably already owned by a hundred different trojans or spyware. Don't blame MalwareBytes for something which is not their fault. If your computer isn't working properly, maybe you should stop visiting sites which are known for distributing garbage.

Go into your Windows Task Scheduler, and you will see those two tasks listed there. If you didn't create those tasks yourself, then chances are that some form of malware created them for you, in which case you should delete them from inside Task Scheduler. After you've deleted them, they will no longer show up in your scans. It's possible that some legitimate software created those tasks, but if that's the case, there will be a description of what each one does, and it should tell you who created it. Most such tasks are for automated downloads of software updates, but in my experience, legitimate software will never install something to the task scheduler. The task scheduler is most often used by malware.