marcelser

Nvidia Files false positives

All of a sudden MBARW started quarantining Nvidia files placed in my user profile at the directory C:\Users\marc\AppData\Local\NVIDIA\NvBackend\Packages\000093e1. I have uploaded the first one that was detected as a zip. After rebooting the machine 1 day later I got another quarantined file in the nearly identical directory Nnvidia\NVBackend\00093f3, also with a very similar name, "DAO.21159685.exe".

I think nvidia started downloading files for its "Geforce Experience" Engine or for driver updates that are now detected as false positives by MBARW.

DAO.21154721.zip

Malwarebytes Anti-Ransomware.zip


Hi,

Can you check and verify if this file is still detected? Because we have fixed this already (if you are indeed talking about the DAO.21154721.exe file).

In case it's a different file, please upload it as well IF it's still detected, as we might have fixed this in the meantime as well.

Alternatively, for future reference, it's a good idea to add the C:\Users\marc\AppData\Local\NVIDIA\NvBackend\Packages\ folder to your exclusion list.

Thanks!!

 

Edited by miekiemoes


The newer version is being detected as well.

Btw. it is currently not possible to add folders as exclusions (being on 0.9.17.661).

That being said, I'd upload the MalewarebytesARM folder as well, but seeing what's inside some of the log files, I'd rather pass on that one...

DAO.21184982.exe.zip


Hi formi,

 

Thanks for beta testing. This FP has been fixed already.

As for not being able to add folders as exclusions, I suggest you start a separate thread for that, so someone can have a look.

 

Thanks!

 


Hello rahlquist:

In addition to the archive of the failing executable, please post the following:

Using only the native Windows built-in zip utility, please create the following .zip archive files for MBARW developer team analysis:

                              "%ProgramData%\Malwarebytes\Malwarebytes Anti-Ransomware\"
                              "%ProgramData%\Malwarebytes\MBAMService\logs\"
                              "%ProgramData%\MalwarebytesARW\"

Please attach the archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.


It is now October 19th and I still have reports about NVidia files being reported as ransomware.

Latest is DAO.21274243.exe


Hi,

Can you zip and attach the DAO.21274243.exe file please?

Also, please add the AppData\Local\NVIDIA\NvBackend\Packages\ folder to your exclusion list

Thanks!

19 hours ago, miekiemoes said:

Hi,

Can you zip and attach the DAO.21274243.exe file please?

Also, please add the AppData\Local\NVIDIA\NvBackend\Packages\ folder to your exclusion list

Thanks!

I added the folder to the exclusion list yesterday.

Attached the zipped file.

DAO.21274243.exe.zip

On 9/15/2016 at 4:07 PM, miekiemoes said:

and verify if this file is still detected? Because we have fixed this already (if you are indeed talking about the DAO.21154721.exe file.

In case it's a different file, please upload it as well IF

And now DAO.21278900.exe is flagging. Will upload the file after the user reboots so I can restore the file.

Ransomware false flag.jpg


cweston, can you please dequarantine the files and zip and attach them to this thread?

Also, please add the path AppData\Local\NVIDIA\NvBackend\Packages\ to your exclusions :)

19 minutes ago, miekiemoes said:

cweston, can you please dequarantine the files and zip and attach them to this thread?

Also, please add the path AppData\Local\NVIDIA\NvBackend\Packages\ to your exclusions :)

Cheers, I've excluded that path now and attached the files for your info.

Cheers,

Craig

CoProc update.21278348.zip

DAO.21253572.zip

DAO.21259166.zip

DAO.21274243.zip

