SoundTouch.exe from Bose marked as Ransomware


cobbgw

Malwarebytes Anti-Ransom BETA (AR) is detecting SoundTouch.exe as ransomware when attempting to run the program, even if the AR has been clicked to stop protecting.  In addition, the move to quarantine is not being posted to the log so I am unable to put the program in the exclusion list.  Any suggestions as to how to bypass this problem?

Malware.docx


Hello cobbgw and :welcome:

Please carefully read the locked and pinned topic in this sub-forum, How to report a False Positive, and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread.

If an exclusion has not already been entered, a temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system.  Thank you for beta testing MBARW and your feedback.


Thank you for pointing me in the right direction for proper submission.  I had looked in the GuideLines tab thinking it would be there, but did not see anything of that nature in the titles.

 

Thus far, I have uninstalled SoundTouch (ST henceforth) (using Revo Uninstaller) and reinstalled SoundTouch-13.0.13.16800.msi (again using the install from Revo).   I ensured the Anti-Ransom Ware (AR) program was in protected mode and running.  The ST app executes an auto start on completion of install, with no option to “not start”.

After the requested reboot from AR, the start of ST resulted in the same two error popups that I attached to my first post.

  

By “disable the AR protection” I assume you just mean click the “Stop Protecting” button, and that  was done at this time.

This I can do, but I am at a loss as to where to find the quarantined file on my pc.  A full search resulted in finding "SOUNDTOUCH.EXE-C4C807A1.pf"  in "C:\Windows\Prefetch\".  I am running Windows 10 as shown in the sysinfo file in first post.

Please advise the location of the quarantined file.

Best to ya this day (night here lol)

Jerry


My most sincere apologies to all that have been following this thread.  My mind has been blaming the quarantine on "Anti-Exploit Beta" instead of the "Anti-Ransomware" that was prominently shown in the two error popups that are shown in the attachment in my first post. I am going to blame it on these old eyes.

Now that I am a bit more on track, I shall carry on with the requirements of a thread start.

Thus far, I have uninstalled SoundTouch (ST henceforth) (using Revo Uninstaller) and reinstalled SoundTouch-13.0.13.16800.msi.   I ensured the Anti-Ransom Ware (AR) program was in protected mode and running.  The ST app executes an auto start on completion of install, with no option to “not start”.  The attempt to restart resulted in the same errors as previously posted (first post).

After the requested reboot from AR, the start of ST resulted in the same two error popups that I attached to my first post.

I have now used the "restore" in the AR program and then put AR in "do not protect".  I ran SoundTouch.exe and it worked properly.  The next step I am to follow is to attach the two zip files.  (just a side note (me winning) I tried for three quarters of an hour to upload the two files but the system kept failing the upload.  Finally I just did a reboot and the problem is fixed.)

Anyway, the two files are attached, so I shall await your opportunity to get back to me.

Thanks in advance.

 

MalwarebytesARW.zip

SoundTouch.zip


Hello Cobbgw, :welcome:

Thank you for bringing this to our attention. While we go to extreme lengths to prevent these from being detected, on occasion we will detect a legitimate file as due to its behavior or other factors...  This will be fixed in the next updates that are released, please let me know if you should notice it still being detected or causing any problems.

Thank you for your patience, and using our forums!

Perry


Reference: https://www.virustotal.com/en/file/024c322bc033aa0f3859b35859ace7c5905f6571642d3168f1c154f5bbd31edb/analysis/  Unsigned.

Hello cobbgw:

When MBARW Beta8 quarantines a file, to the best of my knowledge, the file in question is effectively encrypted.  MBAE, MBAM Premium, and MBARW Beta8 are all quite separate security applications and very excellent choices for your system.  I also run all three with top-tier anti-virus applications.

Thank you again for beta testing MBARW.

 

 


Hello Jerry,

You're very welcome, thank you very much for bringing it to our attention and also discovering new material on our forum.  Please let us know should you notice the machine(s) exhibiting any other symptoms or perhaps if you may need additional assistance, or have any questions..

Best Regards,

Perry

