thisisu

Hi Tgabor, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. AE87665288C23826DC42936C88B5C601

Hello GDog, I understand that in this case it's a false positive and I too don't like detecting software built by Microsoft, although we're not detecting Process Explorer, just a registry key that was being used to launch Process Explorer instead of Task Manager. The detection is in place due to malware now abusing the registry key. It's not a part of the operating system by default. The detection is new to the database which is why you are just now seeing it. Having Malwarebytes delete this entry wouldn't delete the default Windows Task Manager. The executable is still present. Your default Task Manager would be reverted is all. You would just have to go back into Process Explorer, select Options and tick Replace Task Manager again. Hope this clears things up Regards

Yes it was part of a database update from yesterday (the 22nd)

Hello asianmusicguy, The detection is OK in your case. You can ignore it since you chose to use Process Explorer to replace the Task Manager (taskmgr.exe)

Hello Clay, Please read the following:

Hi Seth, Please read the following:

Thanks Dave. Reviewing it now.

Hi. Can you try attaching the sample again or uploading it to VirusTotal and providing the link? I'm unable to extract anything from this archive you attached here Regards

No problem Regards

Thank you. It should be fixed by now. If still detected on your end, perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. BCF3910EE89A3A45FD2AFB6F74A796ED

Hi Kay, Can you attach that LimboLauncher.exe file that's being detected and/or the following log file? C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG Thanks

Yes. It should be fixed. If it's still detected on your end, you may need to clear your hubble cache. Here's how: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan.

You can ignore the detection. This particular file is clean.

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. 7c8238711e883cbfcf765373c1799992 efe1aa2e94334006c1b4e2da48506b89

Should be ok now. Please report any future issues regarding this application by submitting a scan log showing the detection. Thank you