Jump to content
Massimiliano22

AntiRansomware - Strange Behaviour

Recommended Posts

Hi everybody,

I've installed Malwarebytes Anti-ransomware (BETA 0.9.15.416) on a Windows 7 virtual machine, downloaded some photos and pdf and then launched an attachment infected with Crypt0L0cker.

On the first execution,  all the photos in the test folder on desktop has been encrypted. Then Malwarebytes Anti-ransomware unexpectedly quit but the process of encrypting files stopped. The other files (pdf and txt) in download and other folsers, remained untouched. Reboot

On the second execution, the photos in the test folder were untouched (as the other documents) but in Quarantine only the cryptolocker files and registry keys from the first run are shown. reboot

On third execution, the photos in the test folder were untouched (as the other documents) but in Quarantine only the cryptolocker files and registry keys from the first run are shown. reboot

Thank you and best regards,

Massimiliano

Share this post


Link to post
Share on other sites

Hello Massimiliano22 and :welcome:

Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.