Posts: 7,470
Everything posted by thisisu
-
MBAM blocks utorrent since yesterday
thisisu replied to alexdnn's topic in Malwarebytes for Windows Support Forum
You're welcome. No you won't need to reinstall MBAM -- It should update on its own. Database v2016.02.16.06 is available now. -
MBAM blocks utorrent since yesterday
thisisu replied to alexdnn's topic in Malwarebytes for Windows Support Forum
Actually we're going to remove these detections. I was wrong about the installer file being the same as the main executable. They are indeed the same. The bulk of definitions are being removed in database version v2016.02.16.06, the remaining ones will be removed in v2016.02.16.07. Sorry for any inconvenience caused. -
MBAM blocks utorrent since yesterday
thisisu replied to alexdnn's topic in Malwarebytes for Windows Support Forum
Most likely you still have an installer for µTorrent on your PC which in most cases contains the OpenCandy module. I provided an example below with one of the pre-checked offers on the left. This is the OpenCandy portion of the installer. Basically we're saying that "Pluto TV" is potentially unwanted since it's being offered by an installer that should only contain µTorrent. This is why it is currently detected as PUP.Optional.OpenCandy which is a lesser detection compared to Trojan, worm, rootkit, etc. If you already have µTorrent installed, you should be able to safely quarantine the installer file which is not the same as the µTorrent application itself. Use the shortcuts on your desktop or start menu to access µTorrent, not the installer you originally downloaded and installed. -
Hi mikebrayshaw, I'm pretty sure I know which detections you are referring to without even seeing the log so I wanted to respond now in case I didn't get a chance later on today. These are not false positives. The software has changed since August 2015 and has met our criteria for listing as potentially unwanted once again in February 2016. It is currently detected as PUP.Optional.DriverRestore which is a lesser type of detection compared to "Trojan", "Rootkit", "Worm", etc. You are welcome to continue using the software if you'd like. Here is how to add it to Malwarebytes' exclusion list so future scans of Malwarebytes do not detect it:
Open Malwarebytes
Choose Settings
Choose Malware Exclusions
Now use the Add File and/or Add Folder buttons in the bottom right of the screen to choose which folders and files for Malwarebytes to ignore.
That's all
If you'd like to understand more and/or you are the developer of this software, please read: Malwarebytes PUP Criteria
Best regards
-
Hello, This is a file threat as opposed to Website Blocking right? In any case, please provide your log so we can take a look.
-
JRT removes HTTPS Everywhere
thisisu replied to Saber4995's topic in Malwarebytes Junkware Removal Tool Support
Will be fixed in next update. Thanks for reporting. -
Possible false positive?
thisisu replied to nukecad's topic in Malwarebytes Junkware Removal Tool Support
I've delisted this one and another similar file in version 8.0.3 which will probably be released within the next few days. They appear to be from ASUS, but if it gets returned on reboot, there's really no point in JRT deleting it. -
JRT Wrecking IE 6
thisisu replied to redwolfe_98's topic in Malwarebytes Junkware Removal Tool Support
Thanks all. The toolbar issue should be fixed in 8.0.3 which will hopefully be released soon. Haven't been able to reproduce the SearchAssistant value being deleted using that URL so I have left that alone for now. -
JRT Wrecking IE 6
thisisu replied to redwolfe_98's topic in Malwarebytes Junkware Removal Tool Support
Do you get an error message of any sort when you try? If so, can you relay that to me? I was able to reproduce this as a FP which in turn deletes the HKLM version of "StartPage" too. Will be fixed in the next version -
JRT Wrecking IE 6
thisisu replied to redwolfe_98's topic in Malwarebytes Junkware Removal Tool Support
Hi, IE6 should still launch, why do you say it's "wrecked"? So I can get a better understanding, what URL(s) were these set to?
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
__
As for these below (something I was able to research), they appear adware related to me and others.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{1E796980-9CC5-11D1-A83F-00C04FC99D61} - here, here, and here
HKCU\Software\Microsoft\Internet Explorer\Toolbar\\{710EB7A1-45ED-11D0-924A-0020AFC7AC4D} - here, here, and here
Regards -
Possible false positive?
thisisu replied to nukecad's topic in Malwarebytes Junkware Removal Tool Support
Hi, Thanks for your report. That file probably is related to ASUS
X551MA being the model number of the product
8086 being a vendor number associated with Intel
Unsure about that last string (AF0620EC)
In any case, I'll remove detection for it in an upcoming build if it is constantly readded. But no, it doesn't appear to be malware related. It's just an unusual place for any software to drop a system file. Regards -
JRT 8.0.2 Issues
thisisu replied to Crimsoncricket's topic in Malwarebytes Junkware Removal Tool Support
No problem -
JRT 8.0.2 Issues
thisisu replied to Crimsoncricket's topic in Malwarebytes Junkware Removal Tool Support
Hello Can you confirm you're running version 8.0.2 and then that's pulling down the update? If you're running 8.0.1 (from wherever), it will pull down 8.0.2 to %temp%\jrt\JRT_NewerVersion and then run. If you run 8.0.2 again, it won't pull itself down again. However, if you run 8.0.1 again, it will. The Content.IE5 folders -- this is normal behavior and indeed isn't an infection. -
Hi, A new version of JRT was released today -- 8.0.2
Changelog:
Version 8.0.2 (01.06.2016:1)
New heuristic: MintCast
Updated: Database
Updated: Whitelist -> FireFox -> GreaseMonkey custom scripts
Updated: Heuristic -> Content.IE5 folders -> Now includes support for Windows Vista, 7, 8, 8.1, 10
Thanks everyone for being patient. We'd like to hear your feedback! Regards, Filipos
-
AVAST update being blocked as trojan agent upx !
thisisu replied to haney's topic in File Detections
Thank you for the report. This is being fixed in about 15-20 mins. -> https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314 -
Thank you for the report. This is being fixed in about 15-20 mins. -> https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314
-
Avast Instup.dll being reported as a Trojan.Agent.UPX
thisisu replied to MaincoonKat's topic in File Detections
Thank you for the report. This is being fixed in about 15-20 mins. -> https://forums.malwarebytes.org/index.php?/topic/176908-possible-false-positive-on-avast-instupdll/#entry1010314 -
Thank you Clade
-
Nice So it seems fixing some of the issues via sfc /scannow helped. Maybe the volume is somewhat dirty -- this can delay scan times too. Glad to hear it's somewhat working despite the longer than expected scan time. In general, the browser scan does take the longest. Regards
-
Hi Thanks for the additional information. I know there were some issues with the shortcut scan in the past but I haven't heard of any issues since 8.0.0 was released. I rewrote the entire tool in that version. 16 minutes to scan is definitely longer than it should be. Have you checked for other issues on the computer (possibly bigger than adware/junkware problem)? If you don't mind, you might want to visit here just to make sure nothing else may be causing an issue. Unfortunately I wasn't able to replicate the issue here. I'm seeing the tool complete even on Windows 10 Pro x64 PR so I'm thinking it's probably not related to JRT (link to pics below) but will continue to monitor forums if others are experiencing the same issue which might help me identify the cause. http://imgur.com/a/ZZUeh Regards
-
Hi, So the problem is only on Windows 10 x64? I'll be able to test for issues later on today and into the next week.
-
Installed Windows 8.1 Portuguese version. No issues here but this is a clean install with default amount of shortcuts. Since the screenshot you posted is from Windows 10, make sure you're not clicking inside the command prompt window as the tool is scanning as I've noticed it will pause the scan right there. You can press the ESC key to unpause/continue. I'm not sure if this applies to your situation or not. I'll keep an eye out for others that may experience this issue. Thanks again for reporting. Happy Holidays
-
Thank you for the report. I'll try to replicate the issue. You're using Portuguese version of Windows 7, 8.1, and 10 -- is that correct? Regards
-
Hi, Thank you for reporting this. "it told me that it so successfully." the files were quarantined successfully? Can you please post the full report and/or let us know which database version you are using. Also, can you attach said files for review please? Thanks!