Jump to content

Malwarebytes recognices the TRojan.Miuref and stops the Simulator dll.xml


Romair

Recommended Posts

Dear Support
Malwarebytes quarantiners the iFly.dll from Flightsimulator FSX and P3D after installing the moduleinstaller which writes the .dll to simulator .dll called dll.xml
I can send you the whole .dll text file. When I tray to restore (re-install) antimalware software, it will blocked again
 When I put it into the exlusions it will not work. Malwarebytes stops them again.

Need your help with regards Roger

Link to post
Share on other sites

Dear Sir

Thanks for your response.

I have already un-installed Malewarebytes from my FSSim maschine.

In order to send you the log file I have to install Malewarebytes again and again my iFly B747 on Lockheed Martins P3D will no more work.

I will contact the iFly staffs first. (the designer of that Fltsim addon ).

Probably I will try to arrange a MWB Installation to a later time.

I will come back if this problem can not be solved.

regards Roger

 

Link to post
Share on other sites

Dear Sir

I have attached now the Lookhead Martin P3D dll.xml where following part will be faulty by the scan of Malewarebytes.

 <Launch.Addon>
    <Name>iFly 747-400 Menu</Name>
    <Disabled>False</Disabled>
    <ManualLoad>False</ManualLoad>
    <Path>Modules\iFly744.dll</Path>
  </Launch.Addon>

This part becomes active if we adapt the iFly B747-400 module using the modul installer. Without above part missing the iFly B747-400

can not be used.

PS:  Based on your attachment files restriction, the attached dll.xml I had to rename to dll.txt

Hope for your investigation. Based on this problem I had to uninstall Malewarebytes on the FSSim PC.

regards Roger

dll.txt

Link to post
Share on other sites

Hello Filipos

In order to be able to operate the iFly B747 on the Lookhead Martin P3D Simulator I had to uninstall Malewarebytes therefore detection is not existing.

Right now I am using Spyboot-S&D Serach and Destroy instead of Malwwarebytes. This software does not block the iFly744.dll.

If you can help or advise how to exclude the blocking of iFly744.dll I will go back to Malewarebytes.

I have  Malewarebytes on other machines and so far no problem.

regard  Roger

Link to post
Share on other sites

Hi Romair,

You can add a file exclusion using these directions: https://support.malwarebytes.com/customer/portal/articles/1835329-how-do-i-stop-malwarebytes-anti-malware-from-blocking-scanning-a-file-or-program-that-i-trust-?b_id=6438

If you're using Malwarebytes 3.0.x you can add an exclusion by going to Settings => Exclusions => Add Exclusion => Exclude a File or Folder.

Regards

Link to post
Share on other sites

Hello Filipos

no success so far

1. I installed again Malwarebytes.

2. I moved lFly744.dll to the exclusion (screenshot is attachend)

3. I made a scan with the result of 0 intendified  threats

4. I started again the P3D simulator and selected  the iFly b747 aircraft. During openening the iFly744 aircraft (iFly744.dll)  I recognized

again on the right botton corner of the monitor a small message from Malewarebytes that the iFly.dll had been blocked.

Sorry, can not provide a screenshot becaus of the very short apperance of this message.

I had to un-install Malwarebytes again and the iFly744.dll works as usual.

regards Roger

Malware-1.JPG

Link to post
Share on other sites

  • Staff

Hello,

Your latest screenshot & protection log shows the following file being blocked.
D:\Prepar3D v3\iFly\744\ifly.dll
Can you zip/attach that file please? (iFly.dll)

If you have MBAM installed still (but disabled due to having Spybot) - please try also to exclude D:\Prepar3D v3\iFly\744\ifly.dll & test.

Thanks!

Link to post
Share on other sites

Hello Mr. Tammy Stewart

I have already sent iFly744.dll to Mr. Filipos Mouliatis

I am sending this file again herewith attached.

I have already excluded this .dll but Malewarebytes does not exclude them and stop the use of this .dll and my iFlyb744 aircraft addon is no more working. (became corrupt)

After each excluding trial within the MBAM I have to re-install and rebuild this iFlyb744  aircraft addon again und it causes me  lot of work .

If there is no solution, I can not use MBAM for my simulation machines.

regards Roger

 

iFly744.7z

Link to post
Share on other sites

Dear gentlemens

O my gott !!!  I never recognided that there must be or there are two different iFly.dll

One is in the modules folder as usual called iFly744.dll and there is a second one called iFly.dll in the base aircraft folder where you recogniced.

My eyes are always focused to the modul folder where usually the .dll are placed.

Now I am sending you the second one for investigation. But i think the fault is with me because I only made an exclusion with the  iFly744.dll

If you confirm no problems I will re-install MBAM and  move both files to the exclusions and hope to get it working.

Thanks Roger

 

ifly.7z

iFly744.7z

Link to post
Share on other sites

  • Staff

Thanks!

It will take a bit to look into this ...
I scan the file at virustotal & get the following result:
https://www.virustotal.com/en/file/91358c011ce5d220b652e1002d925ec21656eaf10fb05cfa8523da944c4319fd/analysis/1488994714/

I am not sure yet if all these detections are a result of the file being packed with themida or what. Fairly high number of detections though so it will take a bit to determine what is happening here.
You can still exclude the iFly.dll if you like which will stop MBAM from hitting it but I want to make sure it is not actually malicious.

Link to post
Share on other sites

Hello

in your post above is no download link behind MBAM2 Version: v2017.03.08.06

I have only version2 for the moment.

On your website I can only see the newer version 3

Can you tell me how to download MBAM2 Version: v2017.03.08.06 ???

regards Roger

 

 

Link to post
Share on other sites

  • Staff

No need to download the MBAM2 version...

The database update versions are written differently.

I just list both versions in case someone else running into the same issue who is running a different MBAM version can also get the info they need.

We often have people who don't report false positives & wait until someone else to post & wait until fix is announced.

Link to post
Share on other sites

I have re-installed MBAM with the DB update and I excluded  those iFly .dll and I made a scan.

Finally I could operate the iFly aircraft as usual without any trouble.

You made an DB update and therefore I think those iFly .dll are no more necessary to move them to the exclusions.

Can you pls. confirm or is it still neccessary to move this kind of .dll to the exclusions.

Roger

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.