Jump to content

Recommended Posts

False Positive checks and requests on files is performed in;   File Detections  after reading;  Please read before reporting a false positive

**  A request was made to move your thread there.

 

Edited by David H. Lipman
Link to post
Share on other sites

Hello cserfer:

Since this may be the first report of such an issue with this file, it would be quite valuable to the MBARW developers if you would search the system in question for the following directories:

Using only the native Windows built-in zip utility, please create the following .zip archive files for MBARW developer team analysis:

                              "%ProgramData%\Malwarebytes\Malwarebytes Anti-Ransomware\"
                              "%ProgramData%\Malwarebytes\MBAMService\logs\"
                              "%ProgramData%\MalwarebytesARW\"

Please attach the archives to your next reply.  Thank you for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

Edited by 1PW
Link to post
Share on other sites

Hello cserfer:

The archives that were sent indicate that MBARW Beta8 is in need of cleanup.  Rather than a simple re-install of MBARW Beta8, please consider a clean install of MBARW Beta8 (v0.9.17.661):

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta8 was uninstalled successfully, the following sub-directories will have been deleted from a typical Windows 7SP1 x64 system:

                              "%ProgramData%\Malwarebytes\Malwarebytes Anti-Ransomware\"
                              "%ProgramData%\Malwarebytes\MBAMService\logs\"
                              "%ProgramData%\MalwarebytesARW\"

3. If any of the above directories do remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the New version - BETA 8 - now available! topic.
6. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your clean install.  Thank you for beta testing MBARW and your valued feedback.

Link to post
Share on other sites

Hello cserfer:

Using only the native Windows built-in zip utility, please create the following .zip archive file for MBARW developer team analysis:

 "C:\Users\CSERCS~1.FER\AppData\Local\Temp\{83FA15D8-4ACC-4E02-AF0F-642E8A4A874C}_10012\SBW_Production_Full_Zip.exe"

This will not be the the quarantine directory but will be the original executable that may have been deleted.  Please attach that archive to your next reply.  Thank you again for your beta testing contribution to the Malwarebytes Anti-Ransomware (MBARW Beta) project and your valued feedback.

 

 

Edited by 1PW
Link to post
Share on other sites
  • 4 weeks later...

Hello 1PW and MBARW experts,

the alert arrived again. Earlier I did the whole process what 1PW offered, and it has solved the previous issue.

Today happened again. I uninstalled the MBARW (deleted the                               "%ProgramData%\Malwarebytes\Malwarebytes Anti-Ransomware\"
                              "%ProgramData%\Malwarebytes\MBAMService\logs\"
                              "%ProgramData%\MalwarebytesARW
libraries during the standard uninstall process.

Restarted win7, reinstalled MBARW BETA 0.9.17.661 and tried to run again the SBW Knowledge Base update.

Due to limitations of the forum can not attach the restored zip ( SBW_Production_Full_Zip.zip 177 842 137 bytes) and the zipped MBAMService (186 175 121 bytes).

Please write me how can i send them.

 

Best regards,

cserfer

Link to post
Share on other sites

Hello cserfer:

The "%ProgramData%\MalwarebytesARW\ archive does seem inordinately large for a recent clean install.  However, that can be looked at that later.

Please .zip only the %ProgramData%\MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG file at this time, and attach to your next reply to this thread.  Someone will get back to you as soon as possible.

Thank you for your perseverance, and beta testing the MBARW development project.

Link to post
Share on other sites

Hello cserfer:

Thank you for the perfect archive you've posted.

Available data strongly suggests a false positive, and if it has not already been done, you may wish to make the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

        C:\Users\CSERCS~1.FER\AppData\Local\Temp\{83FA15D8-4ACC-4E02-AF0F-642E8A4A874C}_10012\SBW_Production_Full_Zip.exe

Reference: https://www.virustotal.com/file/432c14e710db47f35c154ba4d2db753afcfe79a04a96201802c9db7c46aa958e/analysis/ Unsigned

At any time, a MBARW development team member, QA team member or Staffer may request the above temporary exclusion be altered/deleted.

Thank you.

Link to post
Share on other sites

Hello cserfer:

If the .zip in question is a recent offering of "Sales Builder for Windows" from Hewlett-Packard, that file is rather large, and therefor explains why it would not pass attachment acceptance by the current Malwarebytes' forum software.

If and when required, a Malwarebytes staffer may request a URL for downloading that .zip for additional analysis.  However, they may make an exception in this instance.

Thank you again.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.