Jump to content

file is suspicious: non executable file extension


Gt-truth
 Share

Recommended Posts

I get this today :unsure:

this file is loaded by windows registry 

C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe--starttray

A file with this name "has not" been found

__________
the file is called the follwing registry key

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Malwarebytes Anti-Ransomware"
____________
file is suspicious: non executable file extension 

file does not have a recognised executable file extension

any idea ? :mellow:

Edited by mrdodrop
Link to post
Share on other sites

Hello mrdodrop:

Using only the native Windows built-in zip utility, please create the following .zip archive file for MBARW developer team analysis:

Please create a .zip archive file (not .7z or .rar) of the directory:

                                                             C:\ProgramData\MalwarebytesARW\

Please attach the .zip archive to your next reply.  Thank you for your beta testing.

Edited by 1PW
Link to post
Share on other sites

hi @1PW

for moment I had no any problem with Malwarebytes Anti-Ransomware however it was a problem and still with an anti-Trojan software .and not sure if Malwarebytes Anti-Ransomware is doing something as to "change a system settings and so on" and "there is something suspicious with it" if so let me know hala

Edited by mrdodrop
note: more then 1 software has flagged the changes as suspicious
Link to post
Share on other sites

5 minutes ago, 1PW said:

Hello mrdodrop:

Unfortunately, a detailed analysis can not begin without the archive requested in post #2 above.

Thank you for your patience and understanding.

HI

I will working on it and I will back with logs when I ready ! you may want a screenshots for the problem ?

and you’re welcome .

Edited by mrdodrop
Link to post
Share on other sites

10 hours ago, tetonbob said:

Hello, mrdodrop (Gt-truth? New user name today :) ). These are MBARW's startup entries being flagged by two different programs. It seems that Trojan Scanner can't see that there's an argument (--starttray) at the end of the path and is considering that a 'non-executable file extension'.

Hi tetonbob yes that’s me ! :lol:

Yeah I have the new name from now ! :D and I have the new avatar too :P so I should to not worry about it ? and what do I do now ? 

On 9/25/2016 at 3:50 PM, 1PW said:

Hello mrdodrop:

Using only the native Windows built-in zip utility, please create the following .zip archive file for MBARW developer team analysis:

Please create a .zip archive file (not .7z or .rar) of the directory:

                                                             C:\ProgramData\MalwarebytesARW\

Please attach the .zip archive to your next reply.  Thank you for your beta testing.

right-click on malwarebytes folder > send to > compressed (zipped) folder and I got this message so I don’t know what I should to do next ?

 

CpWz_23725.png

Link to post
Share on other sites

  • Staff

Hi Gt-truth. Nice avatar :)

Quote

so I should to not worry about it ?

I don't think this is anything to be concerned about. This startup entry is as expected for MBARW. You may want to have Trojan Scanner ignore this entry, and perhaps report it to them.

Since the message you were asking about was from other programs and how they were viewing MBARW's startup entry, I don't think that in this case you need to provide the information requested by 1PW.

If in the future you do need to, then you would click Yes on that message.

 

Thank you!

Edited by tetonbob
added info
Link to post
Share on other sites

22 hours ago, tetonbob said:

Hi Gt-truth. Nice avatar :)

I don't think this is anything to be concerned about. This startup entry is as expected for MBARW. You may want to have Trojan Scanner ignore this entry, and perhaps report it to them.

Since the message you were asking about was from other programs and how they were viewing MBARW's startup entry, I don't think that in this case you need to provide the information requested by 1PW.

If in the future you do need to, then you would click Yes on that message.

 

Thank you!

hi and thank you for your nice words ! (:P) I will try to contact him. If there is any problem then I will send the information in this thread!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.