Jump to content
ThomasSchulzMS

Program (or installer?) detected as ransomware

Recommended Posts

Hi,

We found out from a customer that when installing the current version of A1 Sitemap Generator - one of the temporary files generated during installation is flagged and quarantined (sitemap-setup.tmp)

Starting mbam.exe with /developer command line does not help much as the false positive is no reported when doing a right click scan. 

(And I have been unable to find any log by mbam after the quarantine during the installation.)

 

You can download the tool from here

 http://www.microsystools.com/products/sitemap-generator/

 

You can find latest report by virus total report 

URL (0 / 64)

https://www.virustotal.com/en/url/05bd8f7aa4017f809a984b73ea8cc83b0b8691088dcfdd6488ca76783c57a02d/analysis/1487695458/

Download (0 / 58)

https://www.virustotal.com/en/file/a683208a09a8ff6415a5530f09437d313c6fe749d0586818f57ae9e9e7110852/analysis/1487695464/

 

For reference: 

  • The installer + all the executables are signed.
  • Executables are created in Delphi 2007 to Delphi XE2
  • 3 executables are included installed during installation.
  • The "best" depending on OS and 32/64bit is then selected as default sitemap.exe during installation which the desktop shortcuts etc. use.
  • Installer is InnoSetup.

 

If I can get logging working, I will be happy to report that.

 

Edited by ThomasSchulzMS

Share this post


Link to post
Share on other sites

If you want - here is the original report by my customer:

https://webhelpforums.net/sitemap-generator/malwarebytes-v3-0-6-quarantines-sitemap-setup-tmp-as-ransomeware/
 

Quote

 

Those who have the latest "Malwarebytes" v3.0.6 installed will encounter this issue upon installing an update to "A1 Sitemap Generator".

malwarebytes-a1-sitemap-generator.jpg

Since the "sitemap-setup.tmp" file is (incorrectly) detected by Malwarebytes as Ransomware and automatically quarantined, the update to A1 Sitemap Generator therefore does not complete properly.

The solution I found was to "Quit Malwarebytes" (right-click icon in taskbar) and then run the "sitemap-setup.exe" file once again. The install routine will complete properly, as usual. Then you can load Malwarebytes again and run latest version of A1 Sitemap Generator without issue.

 

 

Share this post


Link to post
Share on other sites

Note:

Should you somehow believe this is PUP software -

I am still waiting for the PUP questionnaire you over email asked me

to send you an email about to request (which I did)

Edited by ThomasSchulzMS

Share this post


Link to post
Share on other sites

Hi,

Is this still detected? Because according to our logs, this detection was removed more than 2 weeks ago already. I also downloaded and installed the file (which was given in above virustotal report) and no blocks by malwarebytes here either. So I can't reproduce this.

Unless this isn't the exact file as mentioned in above. In that case, please zip and attach the exact file that was detected.

Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.