Jump to content

thisisu

Staff
  • Content Count

    3,682
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by thisisu

  1. Hi Tgabor, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. AE87665288C23826DC42936C88B5C601
  2. Hello GDog, I understand that in this case it's a false positive and I too don't like detecting software built by Microsoft, although we're not detecting Process Explorer, just a registry key that was being used to launch Process Explorer instead of Task Manager. The detection is in place due to malware now abusing the registry key. It's not a part of the operating system by default. The detection is new to the database which is why you are just now seeing it. Having Malwarebytes delete this entry wouldn't delete the default Windows Task Manager. The executable is still present. Your default Task Manager would be reverted is all. You would just have to go back into Process Explorer, select Options and tick Replace Task Manager again. Hope this clears things up Regards
  3. Yes it was part of a database update from yesterday (the 22nd)
  4. Hello asianmusicguy, The detection is OK in your case. You can ignore it since you chose to use Process Explorer to replace the Task Manager (taskmgr.exe)
  5. Hello Clay, Please read the following:
  6. Hi Seth, Please read the following:
  7. Hi. Can you try attaching the sample again or uploading it to VirusTotal and providing the link? I'm unable to extract anything from this archive you attached here Regards
  8. No problem Regards
  9. Thank you. It should be fixed by now. If still detected on your end, perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. BCF3910EE89A3A45FD2AFB6F74A796ED
  10. Hi Kay, Can you attach that LimboLauncher.exe file that's being detected and/or the following log file? C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG Thanks
  11. Yes. It should be fixed. If it's still detected on your end, you may need to clear your hubble cache. Here's how: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan.
  12. You can ignore the detection. This particular file is clean.
  13. Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. 7c8238711e883cbfcf765373c1799992 efe1aa2e94334006c1b4e2da48506b89
  14. Should be ok now. Please report any future issues regarding this application by submitting a scan log showing the detection. Thank you
  15. Working on a more permanent fix for this
  16. Hello. I'm not seeing a detection on this file either (D5AC8A7E9703339AB9CC8D8E3F94AD9F) If still detected on your end. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan.
  17. No problem. We're going to keep it listed as Adware.FusionCore
  18. This doesn't appear to be a false positive. We detect this installer because it is bundled with a .DLL that belongs to an Adware family known as FusionCore -> hYEBnFBwH.dll MD5: EDDA84B853315B732C1B26F1D9E042A4 I believe it is the "Install Additional Codec" option you have selected. We might lower the detection to PUP.Optional instead of Adware though after I have a chance to confer with my colleagues. Thanks for your report
  19. Fixed in : MBAM2 Version: v2019.06.19.13 MBAM3 Version: 1.0.11146
  20. Thanks for reporting. It's a false positive and we are publishing a new database to remove this detection
  21. Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan.
  22. Fixed in: MBAM2 Version: v2019.05.26.07 MBAM3 Version: 1.0.10782
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.