Jump to content

Q-DIR detected sometimes as ransomware


Recommended Posts


I use a software named Q-DIR that allows to manage files easyly with tabs per windows concept (website: http://www.softwareok.com/?seite=Freeware/Q-Dir)

My problem is that, on specials circonstances, Malwarebytes software detect it as Ransomware.
Nevertheless, I use Q-DIR since a long time and nerver had problem with it so, if this software was realy a Ransomware, I should have access to my files since a long time.

When I talk about special circonstances when Malwarebytes software detect it as ransomware, I would like to mean:
- I can use Q-Dir during severals weeks without detection of MalwaresBytes.
- I can define an "exclusion" for Q-Dir into Malwarebytes software (menu Parameters, tab Exclusions) but it seems to not work: I have no detection with some weeks and as I have put Q-Dir into this list, normaly, Malwarebytes software shoul not detect it after...
- The detection of Q-Dir as Ransomware seems occur only when I move one or sevral files...

Could you help me to solve the problem ?

Thank you.

Link to post
Share on other sites

  • Staff


We would need more info, so can you zip and attach the MBAMService.LOG, this so I can have a look why it was detected.

You can find this log in the following folder: C:\ProgramData\Malwarebytes\MBAMService\LOGS

Given it is mainly triggered when you move several files (as this is also how ransom behaves - hence why our generic detection) - I suggest you add an exclusion for it.

I know you have tried this already, without luck, but just making sure you've set the exclusion properly.

* To add the exclusion, open Malwarebytes > Settings > Exclusions tab
* Below, click the button: "Add Exclusion"
* Then, select "Exclude a File or Folder" (this should be prechecked already by default)
* Click Next
* You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude, the one that is always detected.
* For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already)
* Then click the OK button below.

Link to post
Share on other sites


After an more deep analisys, I discovered that there was two folders where was installed Q-Dir : program files (certainly an old installation) and another on Roaming folder so I have added the second folder with the exclusion method you described.

You will find attached the zipped MBAMSERVICE.LOG for today events.


Link to post
Share on other sites

  • Staff


Normally this shouldn't be detected anymore. However, I notice in your log that a lot of connections to malwarebytes are blocked, connections that are required to get accurate results on behavior detections.

This could be just temporary where there was a networking issue on your side. Unless you have added these blocks yourself through your firewall or hosts file.

Link to post
Share on other sites

I have two question

1) following this topic, does you will improve Malwarebytes to better detect false positive for this software (put an exeption is not for me a long term solution) ?

2) recently on the news (https://www.ghacks.net/2017/09/18/ccleaner-compromised-better-check-your-pc/) has been annonced that the software PIRIFORM CCLEANNER v3.34 has been corrupted : due to a hack of the softaware provider website, the original installer version has been replaced by a version containing a virus. PIRIFORM has published a new clean version after when the hack has been discovered.

On this case, if I put on Malwarebytes an exception of detection to the folder containing the software, and I have unfortunately installed an corrupted software version, does the malicious code will be detected by malwarebytes ?

Link to post
Share on other sites

  • Staff

If you put an exception, then in case of such incident as with Ccleaner, then it won't be detected. But these case incidents are really rare.

For Q-Dir, there's a permanent solution already - This permanent solution unfortunately won't work if some malwarebytes network instances are being blocked, as it can't use our additional services to make the final decision on certain behavior detection. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.