Fred232

Porthos & Blender, thanks for the quick replies and response. Just ran a scan and its not longer detected. Version: MWB - 4.6.13.324 Update Package - 1.0.83633 Component Package - 1.0.2319 Thanks

Can I ask how its done? I'm hoping I've missed something. I tried to put it into the allow list under the settings cog. Click 'Add', click 'Allow a file or folder', click 'select a file'. Navigate to the link (in startup) select it and click 'open'. However the actual Taskmanager (C:\windows\system32\Taskmgr.exe') and NOT the actual link (C:\USERS\My-User\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\TASKMGR.EXE.LNK) gets allowed, and when I run a scan the link still gets detected. I don't want to exclude the entire 'startup' folder in case I was unlucky and some malware got into it. But also, as it appears to know that link is the real taskmanager, as its followed the link to its source, why is it failing in the first place? So how do I exempt the link and only that link? Thanks

Any thoughts?

Thanks for the reply. Log as requested. Theres nothing wrong with the file regard detections when its placed in other folders, just when its in 'startup'. I would be nice if MWB could scan a bit deeper, ie, maybe follow the link and actually scan the file its a shortcut of. After all Taskmgr at that location (windows\system32) is a signed Microsoft file that I assume you would scan and pass in a full scan of the system. Just not the link to it when its in startup? If not then I guess its 'exceptions time'. Thanks log.txt

I'm not sure if this is a false positive or not but it does not seem right to me. I wanted a method to start Task Manager automatically when I logged in. I created a shortcut to Task manager (shortcut to C:\Windows\System32\Taskmgr.exe) and placed it in C:\Users\<My-User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. It works and Task Manager opens when I log into this account. However, a Malwarebytes scan reports the link/shortcut file as RiskWare.AgentE If I scan the actual C:\Windows\System32\Taskmgr.exe file directly neither Defender or Malwarebytes report it as malware. But if I scan the link in the startup folder Defender still says it OK but Malwarebytes reports the problem. If I cut the shortcut out of the startup folder and put it on the desktop Malwarebytes also now says its OK. Is this correct or a False Positive or is Malwarebytes just playing it safe and reporting this type of link when its in startup?

Thanks for the replies, the reinstall via the tool seems to have fixed it. I will check and let you know if it fails again. It was only that I specifically did a right-click scan that I noticed the problem. I wonder if it was actually scanning at all? Still it seems to be back to normal now, so thanks again.

Thanks, I'll give it a try and let you know later. The odd thing is regarding the sub-folders, If I scan something that has say four files and three subfolders (7 items in all), it reports that four things have been scanned even if the subfolders have say 5 items in them each. But if I open the subfolder and scan it it reports that 5 items have been scanned. The problem is most noticeable for Steam games and steam game folders where it sometimes reports no items have been scanned on the main game folder. Hence the question re sub-folders. But it seems to work on other folders?

I have version 4.5.23 updated as far as I can tell. If I run a scan via the menu scanner it seems to run fine. But if I right-click a folder and try to run a MWB scan it usually does not start, occasionally it will though. The scanner screen pops up with 'Checking for Updates' and 'Scanning file system' listed but neither get ticked and in the monitor graphic the bar does not move. It just sits there, no results are given. But if I cancel the scan and look in Reports it looks like the scan was run (date and time wise) and no detections found. The advanced report usually claims items were scanned and no detection found. Details from advanced file: Ver - 4.5.23.241 Component package - 1.0.1927 Update package version - 1.0.67078 I have tried restarting the PC I have tried turning the four MWB scanning options off (Web, Malware, Ransom and exploit) and turning them back on. I have tried turning the windows explorer context option off then on. None of the above helped. So two questions really: 1 How do I correct this so it always scans by right-click on a folder? 2 When it scans a folder should it scan sub-folders of that folder or not?

Many thanks for all the replies and info. I'll definitely put MWB on the phone when the trial expires. All I was thinking re 2 is that the audit as it is, is useful for overall information. But if it could have an advanced setting to only show the apps that can and do have permissions, it may help people tighten down on the security a little quicker, or at least concentrate on looking at the most important apps first (the Apps with the permissions granted) rather than to-ing and fro-ing between long lists of Apps. Just a final suggestion, how about adding a search function to some of the longer lists like the lists in 'your apps' esp the System Apps list, as one example. Just in case you needed to look for something. But again, thanks for your helpful and quick replies.

Sorry there was one more as well. 4 I've read of reports that some Chinese and even Samsung phones in the past have had Malware installed somehow from new. Is this really true? But more importantly if it is, would MWB detect and remove this IF there was any malware or spyware on the phone installed from new? Thanks again.

I've just started a Premium trial of MWB on a new Android (Oppo) phone and have a few questions please to clarify some things for me. Its a new phone that I'm just playing around with at the moment getting used to it and Android, so I'm putting apps on it but no file data ( my photos, Music etc ). All scans pass OK, which clearly should be the case on a new phone. 1 When I run a scan it says something like 'scanned: 264 apps and 159 files'. But the 159 files seems to be increasing. Is it possible to see what is being scanned in a report somewhere, ie exactly what apps and what files are scanned? If I look in the phones File Manager it shows no files, yet MWB is scanning 159. 2 If I look in Privacy Audit it lists "X apps can do this or that". So for example 'Can install apps from an unknown source' it shows 14 apps, but when you press 'Configure in settings' it actually has 16 listed ( Phone Manager and Theme Store are the extra two ) and they are all set to off anyway and the phone itself reports none are turned on. Similarly, when you go to 'Can make calls' MWB says 25 apps can, but when you look in System>App Permissions, it says only 3 apps can make a call and they are all set to ask not allow. So I assume 'Can' means what it says i.e. its possible for the app to make a call. But wouldn't it be a better privacy report if it dug a little further and actually reported the apps that have the ability and the permission to make a call? And secondly, isn't there a discrepancy in the numbers being reported and the permissions the phone actually lets you set? Or have I misread it? And as a follow on to 2, obviously 22 Apps that MWB says can make a call are not listed in the phones call permission settings to do anything about even if I wanted to. Is that something to worry about? For example 'EngineerMode' or 'Shell' can make calls according to MWB, but they are not listed by the phone in the 'make a call' section to alter their permissions. 3 And finally, Is MWB for Android a stand alone AV package for the phone, or can/should it be used with other scanners like Avira or Kaspersky? Should it be on its own or can it run with other AV Apps for (hopefully) better protection. I know on a PC you should not have two full AV products, but I'm new to Android and not sure. Thanks

I don't know if this is a FP or not, but, World Of Warships did an auto update today and Malwarebytes reported it twice. After the update a full AV program scan and a MWB scan of the reported folder finds nothing, and an MWB threat scan of the PC found nothing. This is one of the reports: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/26/18 Protection Event Time: 9:42 AM Log File: d1008eda-492d-11e8-8532-d05099846381.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.4874 License: Trial -System Information- OS: Windows 10 (Build 16299.402) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Category: Unspecified Domain: IP Address: 194.44.234.6 Port: [6881] Type: Outbound File: D:\Games\World_of_Warships\WoWSLauncher.exe (end) Is this a false Positive or has my WOW updater gone to a bad site? Thanks.

Buttons, Cheers, no worries. Thanks

Firefox, thanks for that info. It just seems that, to me, it seems to take longer to complete an admin scan than it does to complete a user scan. Quite a bit longer. Maybe not. I'll time it next time :-) But thanks for the info, I can run a scan as 'user' and at least detect any problems.

Buttons, Sorry, I don't think I follow. I can open the GUI as a user or as admin. I can only update as admin I can manually run scans as user or admin. I'm not worried about scheduled scans. That I can understand. But what I'm trying to establish is, if I want to fully SCAN the entire PC including system areas and other user accounts, say c:\windows\system32 etc to which a user account would not normally have access, do I need to 'run as admin' and full scan, or can I run as my normal user and full scan?. i.e. will a scan initiated as a normal user still scan the system areas of the PC or indeed other user areas of the PC or does it just scan my user area and files? Thanks

Just a quick query really. I run the free Malwarebytes as a back up on a W7 64bit system. Just used to scan (usually quick scan) the PC now and again as extra backup security and checks. But a thought just occurred to me which I'm hoping someone can quickly answer. I know I need to right-click and 'run as admin' to update MalwareBytes, but if I want to run a full scan of the complete system, do I also need to run as admin? i.e. if I use my normal user account and run a full scan, does it run a full scan of all files throughout the PC (including the system/admin areas) or does it just run a full scan on all files in my user area? I'm guessing a full scan is a full scan and the lot is checked, but just hoping someone can confirm either way. Its not a major problem either way, I'd just like to know what is best to run and do I need to SCAN as admin or not. Thanks.

@ yardbird No idea, its (vista) not mine. See "Yes, both my W7s which had the same apparent problem as the original poster ( ramaflore ) had appear now to be OK. Sorry if I hi-jacked, didn't intend to, was just informing that I originally had the same problem following the update." above.

Yes, both my W7s which had the same apparent problem as the original poster ( ramaflore ) had appear now to be OK. Sorry if I hi-jacked, didn't intend to, was just informing that I originally had the same problem following the update.

EDIT - The same happened on my W7 Starter netbook, only in this case it appears to have been fixed by running the new Malwarebytes as Admin and unticking the 'show a right-click context menu' option (it was ticked but was not actually showing in the menu), then exiting Malwarebytes. Then running Malwarebytes as Admin again, and once more ticking the box and exiting. i.e. untick the box then tick the box, running as admin and exiting both times. The Context menu then appears (so far anyway) to have returned.

Just for information, I had the same thing occur with the 'auto' update to 1.50. The update to 1.50 appeared to go OK but the right-click context menu went missing. I followed your instruction and removed the App, downloaded and re-installed etc, and it came back OK. Thanks for the procedure. Running Win 7 HP (64 bit) and MSE(AV). Note: I did not need to disable the AV though, I tried with the AV still running and it worked OK.

Updated to 4177 and fixed for me as well. Thanks for your quick response.

After updating Malwarebytes today, I'm seeing the same thing. Same file, same key - Rogue.FakeMSE Is this a FP? System Windows 7 Starter MSE (AV) Malwarebytes 1.46