Jump to content

False Positive - dbf reindexing


papi

Recommended Posts

Hello,

This is a vb6 program that has an option to reindex DBF files thus creating, at least, one CDX file for each DBF it processes.

I think it must be classifying this behaviour as strange because, while using the same program  for other tasks, it doesn't complain.

Also, when I detected this, I added it to the exclusions but it's still being detected as ransomware and, when detected, it forcibly exits the program and says it's being moved to quarantine but when I check, the file is not there. Furthermore, the process keeps running in the background.

Thanks,

Paulo

Malwarebytes Anti-Ransomware.zip

wgo.zip

logs.zip

Link to post
Share on other sites

Reference: https://www.virustotal.com/en/file/d9da28c347afaea8627b58d48e806692128b2cec578fd8e85f6ab1bb48a8e008/analysis/1459857925/ Unsigned

Hello papi and :welcome:

Available data does suggest a false positive and, if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

                 D:\WinGecob\adsobras\WinGecobObras.exe

At any time, a development team member, QA team member or staffer may request the above temporary exclusion be altered/removed.

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.