thisisu

Let the program do its job in removing those files unless you know where those log files are from. If you know what they are from, add an exclusion.

It's an older detection (~2016). I would say real threat but just a remnant as it didn't link to an executable. Just a registry value that doesn't belong on the system as Adobe Reader doesn't use this startup value (or any startup value AFAIK) Hope this helps, if you have further questions. Feel free to attach the full Malwarebytes log to be reviewed. Regards

Hi pradeephs, Thanks for that. This is an old rule which hits that directory because malware sometimes hides there. I would advise moving those logs to a different directory/folder to prevent further detection. Let me know if you need further assistance Thank you

Hi pradeephs Without a log from Malwarebytes, it's hard to tell what would be detecting this log file. Can you please follow the instructions here? Thanks

No problem

Reviewed and whitelisted the files you attached: 89C8E16C53B4EB5879C66C2FC35E4F69 661C51839E80C121B0BE10D979E2FBF4 3CDAB78B2546DDE1B25A96D7692D3DEC __ It won't be necessary unless they are actually detected by us. In which case, attach the newer file(s) that are detected so that we can gather more data on the similarities between the files. Regards

No problem!

Thanks that worked. Yes it's a false positive that should be fixed by now. Let us know if you encounter additional issues.

Hello, Can you zip and attach that D:\Data\Download\Aslains_WoT_Modpack_Installer_v.1.6.0.8_02.exe file for review please? Thanks

Hello, Can you kindly attach the C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG for review please? Thanks

Hello, It's a false positive. A database update is going out now to resolve this. Sorry for the inconvenience.

Was a false positive. It should be fixed now. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. Regards

Hi Tgabor, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. AE87665288C23826DC42936C88B5C601

Hello GDog, I understand that in this case it's a false positive and I too don't like detecting software built by Microsoft, although we're not detecting Process Explorer, just a registry key that was being used to launch Process Explorer instead of Task Manager. The detection is in place due to malware now abusing the registry key. It's not a part of the operating system by default. The detection is new to the database which is why you are just now seeing it. Having Malwarebytes delete this entry wouldn't delete the default Windows Task Manager. The executable is still present. Your default Task Manager would be reverted is all. You would just have to go back into Process Explorer, select Options and tick Replace Task Manager again. Hope this clears things up Regards

Yes it was part of a database update from yesterday (the 22nd)