False Positive Medved Trader

[pigsy]

Stockmarket sharting program.

 

MT (2).zip

Malwarebytes Anti-Ransomware.zip

logs.zip

[pigsy]

Charting. LOL spelling.

[1PW]

 

Hello pigsy and

sp. -10 

Please create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

The previous archive seems to have lacked critical information.

Thank you.
 

 

 

[pigsy]

I closed down Anti-Ransomware but I can't add MBAMSERVICE to the zip as it's being used by another service.

logs.zip

[1PW]

Hello pigsy:

The required content was still not present.  If you agree, I believe a start from clean installation might help in several allied areas.

Rather than a simple over-the-top re-install of MBARW Beta6, please consider a clean re-install of MBARW Beta6:

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta was uninstalled successfully, the following directories will have been deleted from a typical Windows x64 system:

                         C:\Program Files\Malwarebytes\
                         C:\ProgramData\Malwarebytes Anti-Ransomware\
                         C:\ProgramData\MBAMService\

3. If any of the above directories remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
6. Right-click the saved MBARW_Setup.exe file and left-click   Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.

[pigsy]

Completed the uninstall and re-install as per above instructions.

Medved Trader was found to be a false positive again.

Added "F:\Program Files (x86)\Medved Trader\MT.exe" as an exclusion. 

Medved Trader is still being found as a false positive.

Note: Not sure if this will help but the command line to launch MT.exe is as follows.

"F:\Program Files (x86)\Medved Trader\MT.exe" /LogLevel=10

 

Here are the log files again.

Note: Could create a zip of the log file said the file was in use. Was able to copy it directly to uploads though as attached below.

MT.zip

Malwarebytes Anti-Ransomware.zip

MBAMSERVICE.LOG

[1PW]

Reference: https://www.virustotal.com/en/file/fc1e9b8f5dff3780ddaccb1224badf601e0405192f599e93bd70b7e7361f7afc/analysis/1459966798/ Signed

Hello pigsy:

Thank you for the data.  Since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the MBARW Beta developers, please allow the entry to remain until you are requested to remove it:

                                             F:\Program Files (x86)\Medved Trader\MT.exe

At any time, a MBARW Beta development team member, QA team member or Staffer may request the above temporary exclusion be altered/removed.

It is unknown if it will be a significant fact, but the computer in question does not seem as if its x64 OS has been updated to Windows 7, Service Pack 1 yet.

Thank you for beta testing MBARW and your valuable feedback.