
Open Office Calc (soffice.exe) has recently been flagged as ransomware within the last few days. I have attached the provided log file.

To reproduce: Save an Open Office Calc file after making changes using the most up-to-date version of the Open Office suite. However, it will only be quarantined a small fraction of the time, and I've been unable to track down any particular indicator of what may be triggering the quarantine only some of the time.

One possible variable may be that the file(s) being edited are in a local Dropbox folder, though I have no way to determine if that is the case because Malwarebytes only flags Open Office as ransomware once out of every few dozen or so individual saves (at least going off of my current experience, with this happening a few times now), which means testing this would be rather time-consuming.

As a side note, and this is the ultimate reason I am bothering to report this: when Malwarebytes quarantines (and closes) the application, the file that was being saved when the quarantine was triggered is sometimes replaced with a 0KB empty file. This potential for a loss of a large amount of data is rather concerning, and I would have lost a good deal of data myself if I didn't make it a point to keep proper backups. As before, this may be related to Dropbox, but I've been unable to test due to the difficulty in reproduction.

FalsePositive.txt

MBAMSERVICE.LOG

Edited by Shino2
Added additional logs