Pidgin being marked as ransomware

[pondguy]

I have been using MalwareBytes for years and am currently running version 3.0.  I have also been using Pidgin (version 2.12 lately) for my chat client for years.  Starting last Monday, MalwareBytes is tagging Pidgin as Ransomware on boot-up and putting it in quarantine then deleting it.  What gives?  Surely this is a mistake!

 

Pondguy

[nikhils]

Hello @pondguy

Please make sure you are using the latest version of 3.0.6 CU4. Please refer to the post below for the build details:

If you are still seeing the error after installing the latest Build you an try adding the Pidgin application to the exclusion list:

1. Go to Settings/Exclusion

2. Click on Add Exclusion.

3. Choose "Exclude an application that connects to the internet" and choose the Pidgin application.

Let us know i that fixes the problem else we can take a look at logs.

Thank you.

[pondguy]

Thanks.  I'll give that a try after getting the new Malwarebytes build.

[Telos]

@pondguy Pidgin should NOT be quarantined. Suggest you report that as a false positive so it can be fixed. Placing Pidgin as an exclusion is a work-around, not a solution.

https://forums.malwarebytes.com/forum/122-false-positives/

[nikhils]

Hello @pondguy

One quick request before you try the new build.

If you still have the older build can you please post the MBAMSERVICE.txt log file in this post.

That way we will be able to analyze why Pidgin is being flagged?

The log file can be usually found at: C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.txt

Thank You