thisisu

Hi, Can you please upload the file to VirusTotal.com so we can review it and prevent this from happening again? Usually the MD5 is enough but it's also unknown to VirusTotal so we have no way of retrieving it Thanks

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan.

Fixed in MBAM2 Version: v2018.10.02.01 MBAM3 Version: 1.0.7129

Thanks for the report. It will be fixed in the next update. Sorry for the inconvenience

Just an update to this, figured it out was indeed from a previous false positive. It was originally reported here: Different files but same rule was responsible for detecting both It was fixed on 12/9/18. So just make sure your user updates their MBAM database.

Thank you for that. I'm unable to reproduce the detection with this particular file. We did have a Backdoor.Bot false positive recently and I'm thinking it may have hit this file as well. Please send updated logs if there is still an issue. Thanks 37B033A0F251940544719C86234E577E

Thanks. Whitelisted that one as well 0035A88FBF8EEFE598477105506613C6

Thank you both. It should no longer be detected. Sorry for the inconvenience.

Removed that rule in the meantime as it does appear to be a false positive.

Hi, Thanks for reporting. Can you please zip and attach C:\PROGRAM FILES (X86)\MOZILLA MAINTENANCE SERVICE\UNINSTALL.EXE for review?

Hi Gt-truth, They are not false positives. You should remove them

I think it's highly probable. We'll likely end up having to gather a few different versions to compare and to prevent future iterations of that program from being detected by Shuriken.

Should be fixed now for v10.15.0.24. Give it about 10 mins. If you have a problem with DriverMax 10.14.exe being detected, attach that one as well please.

Hi, can you please attach that file? D:\Tlchgts-Logiciels\Drivermax 10.15.exe Thanks

My pleasure!