Jump to content

SoftwareBundler:Win32/GoFileExpress and Windows Defender

asgerhallas
 Share

Recommended Posts

asgerhallas

asgerhallas

Posted
Posted

Hi

 

I've just downloaded the MalwareBytes scanner and as soon as I run it Windows Defender pops up with a threat named SoftwareBundler:Win32/GoFileExpress.

 

I got a few questions about this.

 

1. Do anyone know what SoftwareBundler:Win32/GoFileExpress is, what it does and where it comes from?

2. Why is it Windows Defender that notifies me about this, and not Malwarebytes?

3. And why does this threat popup the exact moment I started the Malwarebytes scanner?

 

Hope you can help.

 

All the best,

Asger Hallas

 

Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hello and welcome:
 
The first question: from what source did you download the MBAM installer?
The safest source is the official site: http://www.malwarebytes.org/mwb-download/ or http://www.malwarebytes.org/mbam-download.php

There are no wrappers or other bundled software with the MBAM installer, if it is downloaded from a legitimate site.
 
We cannot say for sure what Windows Defender might be detecting without more information.

I am not aware of any reports here at the forum of a "False Positive" detection by Windows Defender for the MBAM installer or scanner.

 

Let's start with some basic logs:
Please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

If there is some sort of log from Windows Defender, that would also be helpful.

 

Thanks,

Link to post
Share on other sites
asgerhallas

asgerhallas

Posted
  • Author
Posted

Thanks a lot for the fast reply! I didn't get a notification, so I'm a little late to get back to you, sorry.

 

I got the installer from www.malwarebytes.org/mwb-download/ and it was with https , so I'm fairly confident is was ligit. 

 

I must admit I find the logs from those third party tools a little too verbose, including names of files I've created/modified?

Please let me know if there's anything other than posting them to a public forum, that I can do. 

 

Below are the log entries from Windows Defender:

 

Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
  Name: SoftwareBundler:Win32/GoFileExpress
  ID: 206387
  Severity: High
  Category: Software Bundler
  Path: file:_C:\$Recycle.Bin\S-1-5-21-2616356531-775823013-1911381875-1001\$R05GCW8.exe
  Detection Origin: Local machine
  Detection Type: Concrete
  Detection Source: Real-Time Protection
  User: ***
  Process Name: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  Signature Version: AV: 1.189.524.0, AS: 1.189.524.0, NIS: 113.28.0.0
  Engine Version: AM: 1.1.11202.0, NIS: 2.1.11005.0
 
Windows Defender has taken action to protect this machine from malware or other potentially unwanted software.
 For more information please see the following:
  Name: SoftwareBundler:Win32/GoFileExpress
  ID: 206387
  Severity: High
  Category: Software Bundler
  Path: file:_C:\$Recycle.Bin\S-1-5-21-2616356531-775823013-1911381875-1001\$R05GCW8.exe
  Detection Origin: Local machine
  Detection Type: Concrete
  Detection Source: Real-Time Protection
  User: NT AUTHORITY\SYSTEM
  Process Name: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
  Action: Quarantine
  Action Status:  No additional actions required
  Error Code: 0x00000000
  Error description: The operation completed successfully. 
  Signature Version: AV: 1.189.524.0, AS: 1.189.524.0, NIS: 113.28.0.0
  Engine Version: AM: 1.1.11202.0, NIS: 2.1.11005.0
 
Best regards,
Asger Hallas
Link to post
Share on other sites
daledoc1

daledoc1

Posted
Posted

Hi:

 

The FRST logs are posted here and at other computer help communities 100s or 1000s of times a day.

 

However, if you are uncomfortable using the forum for help, I suggest that you might want to log a ticket at the Help Desk.

They will assist you via email.

To open a ticket, please use the web form here: Contact Consumer Support

 

If/when you do, please include a link back to this forum post, so that your support team member can get up to speed quickly:

https://forums.malwarebytes.org/index.php?/topic/161336-softwarebundlerwin32gofileexpress-and-windows-defender/

Thanks again,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.