Jump to content

False Positive or real Ransomware?


Recommended Posts

AntiRansomware 6 is flagging the attached as ransomware; would someone be so kind as to review and advise?


As I do not know if it is a false-positive or not I am hopeful that I am posting this properly, and PLEASE don't experiment with the attached unless you know what you are doing! I don't want to be the "Typhoid Mary" of the forum!


Link to post
Share on other sites

Hi, @brucemc777, and :welcome:

I sent your file over to the VirusTotal scanning facility (online) and the results show 0 reports of an infection.  See https://virustotal.com/en/file/a2c239f16d4a3ed65ee0de1ea649680c6ce96c393e80145fae855890a83e30fc/analysis/ for more information.

Additionally, I did a Google search for that file, and I found its source:  http://www.copytrans.net/support/product-related-faqs/copytrans-drivers-installer/

It seems as if that file is useful for using that particular software with a variety of iOS devices to assist in copying data to/from those devices to/from other devices.

I will let @1PW advise you on any following steps that you need to take.

Link to post
Share on other sites

Hello brucemc777:

Please create the following zipped archives for developer team analysis:

Create a zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.

Thank you for beta testing MBARW and your valued feedback.

Link to post
Share on other sites

@John L. Galt - I thought this sort of critter was alien to VirusTotal and a specialty of MWB so I frankly didn't even think of sending it through there mill! Thanks for having a look. I do use CopyTrans a lot, not only for transferring music to my phone but also archiving all my SMS, so when I ran into this recently I was rather concerned. Much appreciation of the fast review!


@1PW - Here y'all go- It was a bit of a trick, as I first tried just stopping protection and exiting the program but it still refused to archive a couple files (claiming "in use"), but finally copying them to alternate temp directories I was able to comply- didn't think an empty log file would do you much good...


Malwarebytes Anti-Ransomware.zip

Link to post
Share on other sites

Reference: https://www.virustotal.com/en/file/A59FD7D9128E3FFD357C73A4D2392C324E3B1886A2D6A25991D6F2CD5C9F199D/analysis/ Signed

Hello brucemc777:

Available data strongly suggests a false positive and, if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:


At any time, a development team member, QA team member or staffer may request the above temporary exclusion be altered/removed.

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.