
False positive plus had to reinstall Microsoft Office


jbspear


I am using MBARW Beta and recently got a pop-up notice that MBARW had found and quarantined a ransomware attack (I wasn't doing anything in particular at the time, such as browsing the internet).  Despite the notice, I could find nothing in my quarantine file.  Right afterwards, however, I found the short-cut icons for my Microsoft Office products (WORD, Powerpoint, etc) no longer worked and I was completely unable to start these programs.  I ended up reinstalling all of the Microsoft programs which now start and run properly.  I have a gut feeling that the disconnection of the Microsoft start instructions for these programs was in some way related to the way MBARW responded to the "attacks" but I can't be sure.  Since there was nothing in my quarantine file I have no way of knowing if I actually experienced a ransomware attack or if this was a false positive.


Hello jbspear and :welcome:

Please create the following archives for developer analysis:

Create a ZIP archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.

Thank you for beta testing MBARW and your good feedback.


Reference: https://www.virustotal.com/en/file/8582c451302eaa2a834077412717b200730cd2741c7b61d587f4f0139a94d0fd/analysis/

Hello jbspear:

Available data does point to a false positive and you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6568.2036\OfficeClickToRun.exe

If the issue re-occurs, the then latest Microsoft Office Repair procedure can be passed to you obviating the need to perform a Microsoft Office re-install.

Thank you for beta testing MBARW and your valuable feedback.


  • 2 weeks later...

It happened again this morning.  I am afraid I will have to uninstall the Beta until this problem is fixed.  I am running Windows 8.1 which doesn't seem to have the 'repair' option which means I have to reinstall Office every time it is wiped out by the MBARW.


Hello jbspear:

If you have not already uninstalled MBARW Beta, would you please consider following the below information gathering procedure?

Please carefully read the locked and pinned topic in this sub-forum, How to report a False Positive, and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread.

A temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system.

Thank you for beta testing MBARW and your feedback.


6 minutes ago, jbspear said:

Daman1 -- My problem was  with Office 2016.  I also have 2010 installed on my computer and that version is not affected.  I ran a Microsoft repair program which has fixed the problem I experienced with 2016. 

Ahh ok thanks for posting back :)


I second jbspear: my MS Office 2016 click-to-run got disabled twice as a false positive, had to re-install MS Office.  Initially I did not know what was stuffing up my Office installation, thought it was a virus.

You guys need to believe users a bit more, not to be almost dismissive of the complaints.

I am uninstalling your software beta.


Since MBARW is a beta test program, I feel like I should expect some glitches which can be reported to the developers so they have an opportunity to study and fix them.  The first time my shortcuts to Office 2016 disappeared, I was able to create a zip log of the event for which the folks at Malwarebytes thanked me (even though my quarantine file was empty), and I'll do the same for the latest event as soon as I have time.  Also, the first time this happened, I fixed my Office 2016 by reinstalling everything but this time I was able to simply run a Microsoft Repair program which was a fairly quick and easy fix.  I did say in this forum that I would uninstall MBARW because of the problems I've experienced, but now I've reconsidered and will continue to let it run.  Why?

Last year my wife's computer was a victim of ransomware and it was pretty awful -- she lost a huge number of documents, photos and all sorts of other irreplaceable items, and there was nothing we could do about it unless we caved in and paid the ransom demands.  We opted not to pay anything so all that stuff was lost.  I have even more important material on my computer than my wife does -- business documents, a huge music collection, videos etc etc which I cannot afford to lose.  So as far as I'm concerned the purveyors of ransomware are among the biggest scumbags on earth and I'm really pleased someone (MWB) has taken on the challenge of putting them out of business.  So I'm going to hunker down and get over whatever irritations may accompany the beta program, knowing that whatever problems it may have, it is WAY better than losing all the stuff on my computer to some censored in Russia who doesn't know how to make an honest living. 

 


Third time in one month that the program killed my Office. Even the exclusion I made did not work. As I have installed the MWB software on three computers, now I can re-install Office on all three PCs.

As I cannot work that way, I need to delete MWB from my systems. Please inform me as soon as you have a working version, even if I have to pay for it.

 


Hello @jensskov and :welcome:

It is disappointing to read your testing system is having MBARW Beta issues but each computer is unique. Problems that seem "the same" frequently are not.

The same is true for solutions. Solutions may often need to be individualized for your unique testing system.

It is less confusing for everyone if a "One Member Per Topic" policy is adhered to instead of posting to the topic of another member.

Development Team Members, Staffers and helpers will be able to more easily provide both you, and the OP/Topic Starter, with individualized assistance.

Please start a NEW, and SEPARATE topic by left-clicking this >>Start New Topic<< link now.

Thank you always for your patience and understanding.
