
Graphics Driver False-Positive?


Demonslay335


I've received a "Ransomware Detected" notification after installation of my nVidia graphics driver, and then Intel graphics driver.
 
2016-01-26_0939.png

2016-01-26_0947.png
 
MBARW seems to not like the streaming service I guess for the nVidia, not sure what of the Intel driver triggered it. The install of the driver and GeForce Experience software completed fine, I got the notification after the installs.
  
Here's the link to the exact file I downloaded from nVidia's website for my GeForce GT 525M on my laptop.
 
http://us.download.nvidia.com/Windows/361.43/361.43-notebook-win8-win7-64bit-international-whql.exe
 
Here's the Intel Graphics 3000 driver I downloaded from Intel's website (I know it's a "previously released" version, but the latest release is having a bug with my system that I'm troubleshooting).
 
https://downloadmirror.intel.com/24696/a08/win64_152823.exe


Hello,

Thanks for your feedback! It looks like you are having issues with some type of false positive. In order to fix this issue the quickest way possible we will need to collect some files to review for information.

Please follow the steps below:

1.) Hold down the Windows Key (Flag Button) + Press "R". If done correctly a "Run Box" will appear.

2.) Type or copy and paste the following in the "Run Box" textbox: "%programdata%\Malwarebytes\Malwarebytes Anti-Ransomware" (Include the quotes)

3.) If the last step was done correctly, you will see an explorer window with some files in. Please highlight all files in this directory by Clicking and Holding the left mouse button and hovering over all files.

4.) With all files selected, right click any files and click "Send To" >> "Compressed (Zipped) Folder".

5.) If done correctly, you will have a new zip file. Rename this "MBARWFILES".

6.) At this point upload the MBARWFILES.zip to this thread through the attach file option. If the file is too large, please upload it to a sharing link site like Dropbox, Box, etc.

Thanks! If you need any help please don't hesitate to ask.


Blarg, it's going haywire again. Not sure if I should open a new topic since it's different false-positives.

 

MBARW is quarantining Git (bundled with SourceTree) and Microsoft Word, and I think it's trying to mess with Chrome right now since my Hangouts is going nuts. I seem to have trouble with this program when I first start up my system.

 

One thing that might not be helping is that I was working on improving the decrypter for Hidden Tear yesterday; it probably thought that when I compiled the decrypter and then committed to my local Git repository that Git was an infected process. Word was quarantined when I decrypted a .doc file successfully and viewed a preview of it in Explorer.

 

Attached is a new dump. The NvStreamService.exe in the quarantine won't let me restore it, it says there was an error (not too concerned about that one). The others won't let me restore since they are pending deletion on reboot it says.

 

2016-01-28_0811.png

MBARW-FILES.zip
