Jump to content

Recommended Posts

OK I have this running on a Win7 VM and I encountered a block.  At first it installed fine and said no issues were found.

 

I noticed I had 52 Windows updates to do, so I allowed them to install, when it got to update 3 of 52 (Security Udpate for Microsoft .NET Framework 4.5, 4.51 ....) I received the following Detection.

 

I clicked Close for now, and will wait to see if the updates finish.

 

Notice, I went to the program and clicked on Quarantine and there is nothing listed in there, is that normal?

 

Win7Pro VM 32bit (fully patched except for these 52 updates that are installing)

2GB Ram

 

 

 

post-17127-0-20266400-1453838176_thumb.j

ngen.rar

Link to post
Share on other sites

Thanks, just a quick question if you don't mind...

 

You state that this is now fixed, is MBARW that I have installed, automatically downloading updates?  How is it getting the info that it is now not to detected these files? Is there a database update happening in the background or talking live to an external server?

Link to post
Share on other sites

Great, thanks Nathan for the info...

More on this issue:

 

Checked for updates and had these optional updates to install, so I decided to install them. (notice the .NET update KB3080079

post-17127-0-10152400-1453923087_thumb.j

 

Updates installed fine, after a reboot I encountered another blocked ransonware activity as shown below, I clicked OK and MBARW asked me to reboot.

post-17127-0-61965000-1453923201_thumb.j

 

This is what is showing in the Quarantine:

post-17127-0-19917500-1453923552_thumb.j

 

 

MBARWFILES.zip

mscorsvw.rar

Link to post
Share on other sites

Pardon me for butting in on someone else's thread, but the news that these fixes are happening for users as soon as they have been reported as fixed in the threads is great news.

 

From reading all the threads here, it seemed implied, but this is the first time I have seen it stated. After reporting a potential false positive myself, I thought the fix would come out in the next beta release.

 

Surely a feature such as this and rapid response to issues deserves to be clearly stated in the product announcement? Or at least clarified in the fix confirmation, otherwise people won't be testing the fixes.

 

To put it another way, someone might look at the number of threads reporting issues and not want to try MBARW, believing these issues are outstanding, rather than fixed! Maybe also marking the threads as solved?

Link to post
Share on other sites

I had a similar experience this morning.  My installation of Anti-Randomware (AR) went great.

 

This morning I had an optional update of .Net Framework 4.6, so installed it.  I didn't reboot, as required since I didn't need the app that uses .NET Frameworks just yet.  After a while AR popped up and said it quaranteened some malware.  It quarantined mscorsvw.exe. And the accompanying optimization registry key.  "malware.ransom.agent.generic"  64bit Win7 Pro SP1 mine is kept up to date on a Lenovo R-500.

a user friendly log would be nice for printing and troubleshooting.  My first post so hopefully I got it right.

antiransomware1.ziplogs.zipMalwarebytes Anti-Ransomware.zipmscorsvw.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.