Jump to content

False Positive Medved Trader


Recommended Posts


Hello pigsy and :welcome:

sp. -10  :lol:

Please create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

The previous archive seems to have lacked critical information.

Thank you.



Link to post
Share on other sites

Hello pigsy:

The required content was still not present.  If you agree, I believe a start from clean installation might help in several allied areas.

Rather than a simple over-the-top re-install of MBARW Beta6, please consider a clean re-install of MBARW Beta6:

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta was uninstalled successfully, the following directories will have been deleted from a typical Windows x64 system:

                         C:\Program Files\Malwarebytes\
                         C:\ProgramData\Malwarebytes Anti-Ransomware\

3. If any of the above directories remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
6. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.

Link to post
Share on other sites

Completed the uninstall and re-install as per above instructions.

Medved Trader was found to be a false positive again.

Added "F:\Program Files (x86)\Medved Trader\MT.exe" as an exclusion. 

Medved Trader is still being found as a false positive.

Note: Not sure if this will help but the command line to launch MT.exe is as follows.

"F:\Program Files (x86)\Medved Trader\MT.exe" /LogLevel=10


Here are the log files again.

Note: Could create a zip of the log file said the file was in use. Was able to copy it directly to uploads though as attached below.


Malwarebytes Anti-Ransomware.zip


Link to post
Share on other sites

Reference: https://www.virustotal.com/en/file/fc1e9b8f5dff3780ddaccb1224badf601e0405192f599e93bd70b7e7361f7afc/analysis/1459966798/ Signed

Hello pigsy:

Thank you for the data.  Since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the MBARW Beta developers, please allow the entry to remain until you are requested to remove it:

                                             F:\Program Files (x86)\Medved Trader\MT.exe

At any time, a MBARW Beta development team member, QA team member or Staffer may request the above temporary exclusion be altered/removed.

It is unknown if it will be a significant fact, but the computer in question does not seem as if its x64 OS has been updated to Windows 7, Service Pack 1 yet.

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.