Malwarebytes - Anti-Ransomware Beta


Windows 10 Pro

Malwarebytes Ransomware - Version 0.9.16.484

Ransomware Detected 

Process: C:\Program Files\Common Files\Micr...6.0.7070.2033\OfficeClickToRun.exe

Action: Moved to Quarantine

Office365 2016 had been reinstalled a few weeks earlier, but the same software had previously been installed prior to installing Malwarebytes Anti-Ransomware and had been running for about four months - this false positive had never been reported before.

I looked in the Quarantine tab but there were no entries listed.

I checked the Office products and they were all functioning correctly so the message had no effect and so was ignored. Malwarebytes Anti-Ransomware left running.

Only a regular full backup was running on the laptop when the message was displayed.

No files supplied as no quarantined files were found.

A couple of times I have found that the Malwarebytes was not running and would not restart - restart unresponsive - no message.

On one occasion I reinstalled the software and that worked; on another occasion I completed a Windows update that was pending and that seemed to allow Malwarebytes to restart.

Screen Shot 07-31-16 at 09.32 PM.PNG

Link to post

Hello MartinC and :welcome:

Thank you for the accompanying graphic.

Please carefully read the locked and pinned topic in this sub-forum, "How to report a False Positive", and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread.

If an exclusion has not already been entered, a temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system.

Thank you for beta testing MBARW and your feedback.

Link to post

Hello  and :welcome:

If the following was generated but forgotten, please attach in your next reply.  Otherwise please generate & attach:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\

Thank you for your beta testing contribution to the MBARW project and your valued feedback.

Link to post

Hello MartinC:

Available data strongly suggests a false positive, and if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.7070.2033\OfficeClickToRun.exe

Reference: https://www.virustotal.com/en/file/d038673f84bcb355eb499ae9d4690c04a90e9988a65882117827b685dd45628d/analysis/1470039771/ Signed

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you for beta testing MBARW and your valuable feedback.

Link to post

I would add it, and had tried to add it, but the file does not exist in the location displayed.

\16.0.7070.2033\OfficeClickToRun.exe

I don't have a \16.0.7070.2033\ subdirectory

and the OfficeClickToRun.exe file is actually located in the directory

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

Do I exclude that file?

Link to post
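
Added example, not part of the thread and not Malwarebytes or Microsoft code: before a full-path exclusion is entered, this PowerShell check reports whether each of the two paths quoted above exists, carries a valid Authenticode signature, and matches the SHA-256 from the VirusTotal reference. The function name `Test-ExclusionCandidate` and the expected signer string are assumptions.

```powershell
# Added example: checks to run before entering a full-path exclusion.
# The paths and the SHA-256 are the ones quoted in this thread.
# The expected signer string is an assumption; the thread only says "Signed".
$ExpectedSha256 = 'd038673f84bcb355eb499ae9d4690c04a90e9988a65882117827b685dd45628d'
$ExpectedSigner = 'Microsoft Corporation'   # assumption
$Candidates = @(
    'C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.7070.2033\OfficeClickToRun.exe',
    'C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe'
)

function Test-ExclusionCandidate {
    param([Parameter(Mandatory)][string]$Path)

    $result = [ordered]@{
        Path = $Path; Exists = $false; SignatureStatus = $null
        Signer = $null; Sha256 = $null
        SignedByExpected = $false; MatchesReference = $false
    }
    # An exclusion for a path that does not exist protects nothing and
    # leaves a standing entry that any later file at that path inherits.
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $result.Exists = $true

        # Authenticode: the signature must validate, not merely be present.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $result.SignatureStatus = $sig.Status.ToString()
        if ($sig.SignerCertificate) {
            $result.Signer = $sig.SignerCertificate.Subject
        }
        $result.SignedByExpected = ($result.SignatureStatus -eq 'Valid') -and
                                   ($result.Signer -like "*$ExpectedSigner*")

        # Compare against the hash in the VirusTotal link from the thread.
        $result.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
        $result.MatchesReference = ($result.Sha256 -eq $ExpectedSha256)
    }
    [pscustomobject]$result
}

$Candidates | ForEach-Object { Test-ExclusionCandidate -Path $_ } | Format-List
```

A hash mismatch only means the VirusTotal report linked above does not describe that copy of the file; in that case the signature status and signer are what remain to judge the file by.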

Hello MartinC:

The OfficeClickToRun.exe executable was likely deleted from C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.7070.2033\OfficeClickToRun.exe as the logs indicate and it may need to be repaired:

How to Repair an Office application.

  1. Please consider producing a hard copy of the procedure within Repair an Office application.
  2. Restart the computer in question into the Windows Normal mode and terminate unnecessary applications.
  3. Follow Microsoft's procedure within step 1.
  4. Again, restart the system into Windows Normal mode.
  5. Confirm the previously missing file has been restored.

After the above repair, please reply to this topic with the status of your system.

Link to post

I have tried the quick repair and it didn't restore any files in that directory.

The last time I tried doing an Office 365 online repair it wiped all the Microsoft products from my system and then wouldn't allow me to reinstall, which turned out to be a not uncommon problem but one that Microsoft doesn't seem to want to acknowledge.

So while my Microsoft Office products are working I am reluctant to do the online repair as last time I lost half a day getting round the reinstall problem.

Best regards

Martin

Link to post

Hello Martin:

Many of us understand about having been snake bitten by software.  Please remember that an excellent backup plan is always your system's best friend.

Best wishes and good luck to you.

Link to post