Jump to content

False Positive - TeslaDecoder.exe

SimonKravis

By SimonKravis
in Anti-Ransomware Beta

 Share

Recommended Posts

SimonKravis

SimonKravis

Posted
Posted

The decrypting program TeslaDecoder.exe ( see http://www.bleepingcomputer.com/forums/t/576600/tesladecoder-released-to-decrypt-exx-ezz-ecc-files-encrypted-by-teslacrypt/)

is detected as ransomware when it is run to decrypt TeslaCrypt files.After I added the executable to exceptions (after rebooting) it was still detected as ransomware and deleted. Zips attached as requested.

TeslaDecoder.zip

Malwarebytes Anti-Ransomware.zip

logs.zip

Link to post
Share on other sites
1PW

1PW

Posted
Posted

Reference: https://www.virustotal.com/en/file/49a1e6d3104ac1be98d7f2c7f732e6712554144d651ff84c55d522901fd4bc03/analysis/1464973023/ Unsigned

Hello SimonKravis:

Available data strongly suggests a false positive, and since the following pathname has been entered in MBARW GUI -> Exclusions, and the binary has been uploaded to the developers, please allow the entry to remain until you are requested to remove it:

           C:\Users\Simon\Downloads\TeslaDecoder\TeslaDecoder\TeslaDecoder.exe

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/removed.  Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.