
Malwarebytes version 1.38 has a virus?



Today I updated after a week of NOT UPDATING and it says that 1.38 was released and that MBAM will close in order to install, extract, etc... (in order to install the latest version)

So when it starts installing, my THREATFIRE pops up saying the following:

ALERT

An application has performed an action that is potentially malicious.

Risk: HIGH

Name: Malwarebytes' Anti-Malware - MBAM-SETUP.EXE

"What happened?"

A system driver has been modified.

"Risk Level"

HIGH. This action might present a threat to your system security. Some legitimate and trustworthy programs perform this action, but it is not common.

"Threat type"

This attack typically appears in trojans, viruses and some types of adware.

Please select an action:

* Allow this process to continue

* Kill and quarantine this process

"Proceed"

I know that this forum is about Malwarebytes but I don't know why ThreatFire is acting like this...

I have had MBAM a few months ago and I updated and downloaded the latest version (the one before 1.38) and ThreatFire never popped up saying all this about: ALERT

An application has performed an action that is potentially malicious.

What should I do?

Is this new version of MBAM clean and secure?

I can't do anything until I select an action on THREATFIRE... which are:

* Allow this process to continue

* Kill and quarantine this process

What should I do?

Please help.


Hi and welcome to the forum! Please select "Allow this process to continue". Let your AV trust the new version of 1.38 and its mbam files! These files:

Add the following files to the exclusion list or trusted area:

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows 2000/XP)

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows Vista)

Update your Malwarebytes database & run a quick scan if you think you have an infection.

Something to read: by our Administrators

I do apologize for the trouble but in almost every case it has been due to the customer's Anti-Virus blocking our new version. The Anti-Malware and Virus field has become much more complicated and those writing the Malware are using more and more sophisticated methods to get onto your box and hide or disable other tools so we, along with the Anti-Virus makers, have had to step up methods to help prevent infections which has also made it more difficult to install other Security Products as well. Though by now these other Anti-Virus vendors know for a fact that we've updated our program and they could very easily do fingerprint analysis of our program and place it within their built-in Trusted Applications list, but many of them do not.

Please review this article and even if you have previously set up or done this method please try again but adapted to your version of Anti-Virus or other Security Tools. Anti-Virus is not the only tool capable of blocking not only the program but also updates. Firewalls also automatically block our new version because the fingerprint does not match the previously allowed version, often not alerting because many users either don't enable that feature or they get tired of alerts and turn it off. If you review your other security programs you will probably find deep in the logs where one or more programs are blocking the newer version of MBAM.

Again, please review this post and adapt for your own security software which can be more than just AV blocking.

MBAM-SETUP.EXE is not a threat or virus. Please post back with any questions.

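Added example (not part of the original thread and not Malwarebytes' or any vendor's code): a minimal model of the fingerprint-based allow rule described in the post above, showing why an updated program is prompted for or silently blocked until the new build is trusted again. The class, the function names and the byte strings standing in for the old and new builds are constructed for illustration; real products store their rules differently.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(image: bytes) -> str:
    """SHA-256 of the executable image, used here as the rule's fingerprint."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class FingerprintAllowList:
    """Hypothetical allow list: one trusted fingerprint per program path."""
    alerts_enabled: bool = True
    rules: dict = field(default_factory=dict)  # lower-cased path -> fingerprint

    def trust(self, path: str, image: bytes) -> None:
        self.rules[path.lower()] = fingerprint(image)

    def decide(self, path: str, image: bytes) -> str:
        known = self.rules.get(path.lower())
        if known == fingerprint(image):
            return "allow"
        # Unknown program, or a trusted path whose contents have changed.
        # With alerts turned off the user never sees why it stopped working.
        return "prompt" if self.alerts_enabled else "silent-block"


# Constructed stand-ins for the same program before and after an update.
OLD_BUILD = b"MZ constructed sample: mbam.exe before the update"
NEW_BUILD = b"MZ constructed sample: mbam.exe after the update"
MBAM_EXE = r"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"


def simulate_update(alerts_enabled: bool) -> list:
    """Return the decisions before the update, after it, and after re-trusting."""
    fw = FingerprintAllowList(alerts_enabled=alerts_enabled)
    fw.trust(MBAM_EXE, OLD_BUILD)
    before = fw.decide(MBAM_EXE, OLD_BUILD)
    after_update = fw.decide(MBAM_EXE, NEW_BUILD)   # same path, new contents
    fw.trust(MBAM_EXE, NEW_BUILD)                   # user re-adds the program
    after_retrust = fw.decide(MBAM_EXE, NEW_BUILD)
    return [before, after_update, after_retrust]


if __name__ == "__main__":
    print("alerts on: ", simulate_update(True))
    print("alerts off:", simulate_update(False))
```
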

  • Staff

This is a false positive by ThreatFire; do they have a way to report these?

If so please use that function to alert them to it so they can adjust the detection strings. It may also be a heuristic hit as well.

Submitting now as f/p to website... errr... maybe not, their site is not cooperating


This problem is also in Kaspersky products.

It's a known quirk of later Kaspersky products which incorporate behavioural detection.

Upgrading/installing MBAM version gives "generic behaves like a trojan" warning. Which in itself is correct when you think about it :D


It's a known quirk of later Kaspersky products which incorporate behavioural detection.

Upgrading/installing MBAM version gives "generic behaves like a trojan" warning. Which in itself is correct when you think about it :D

Yes, the application control in Kaspersky products can get quite annoying sometimes. That's why I have it off : )
