
Q-DIR detected sometimes as ransomware


NBI


Hello,

I use software named Q-Dir that lets me manage files easily with a tabs-per-window concept (website: http://www.softwareok.com/?seite=Freeware/Q-Dir)

My problem is that, in special circumstances, Malwarebytes detects it as ransomware.
Nevertheless, I have used Q-Dir for a long time and never had a problem with it so, if this software was really ransomware, I should have access to my files since a long time.

When I talk about the special circumstances in which Malwarebytes detects it as ransomware, I mean:
- I can use Q-Dir for several weeks without any detection by Malwarebytes.
- I can define an "exclusion" for Q-Dir in Malwarebytes (menu Parameters, tab Exclusions) but it does not seem to work: I have no detection for some weeks and, as I have put Q-Dir into this list, normally Malwarebytes should not detect it afterwards...
- The detection of Q-Dir as ransomware seems to occur only when I move one or several files...

Could you help me solve the problem?

Thank you.


  • Staff

Hi,

We would need more info, so can you zip and attach the MBAMService.LOG, so that I can have a look at why it was detected.

You can find this log in the following folder: C:\ProgramData\Malwarebytes\MBAMService\LOGS

Given it is mainly triggered when you move several files (as this is also how ransom behaves - hence why our generic detection) - I suggest you add an exclusion for it.

I know you have tried this already, without luck, but just making sure you've set the exclusion properly.

* To add the exclusion, open Malwarebytes > Settings > Exclusions tab
* Below, click the button: "Add Exclusion"
* Then, select "Exclude a File or Folder" (this should be prechecked already by default)
* Click Next
* You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude, the one that is always detected.
* For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already)
* Then click the OK button below.


Hi,

After a deeper analysis, I discovered that there were two folders where Q-Dir was installed: Program Files (certainly an old installation) and another in the Roaming folder, so I have added the second folder with the exclusion method you described.

You will find attached the zipped MBAMSERVICE.LOG for today's events.

MBAMSERVICE.zip


  • Staff

Thanks.

Normally this shouldn't be detected anymore. However, I notice in your log that a lot of connections to Malwarebytes are blocked, connections that are required to get accurate results on behavior detections.

This could be just temporary where there was a networking issue on your side. Unless you have added these blocks yourself through your firewall or hosts file.
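
One way to check a hosts file for the kind of block mentioned in the reply above, as an added example that is not part of the original thread and not Malwarebytes' own tooling. It assumes a plain substring match on "malwarebytes"; the sample hostnames are constructed placeholders, not real endpoints.

```python
import ipaddress
import sys

def is_sinkhole(addr):
    """True if addr is loopback or unspecified (127.x.x.x, 0.0.0.0, ::1, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def find_overrides(hosts_text, needle="malwarebytes"):
    """Return (line_no, address, hostname, sinkholed) for every hosts entry
    whose hostname contains needle (case-insensitive)."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only or malformed line
        addr, names = entry[0], entry[1:]  # one address may carry several names
        for name in names:
            if needle in name.lower():
                hits.append((line_no, addr, name.lower(), is_sinkhole(addr)))
    return hits

# Constructed sample input (hostnames are placeholders for illustration).
SAMPLE = """\
# constructed hosts file for illustration
127.0.0.1   localhost
0.0.0.0     ads.tracker.example
0.0.0.0     cloud.malwarebytes.example telemetry.MALWAREBYTES.example  # from a block list
#127.0.0.1  old.malwarebytes.example
203.0.113.7 proxy.malwarebytes.example
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # utf-8-sig strips a byte-order mark that some editors add on Windows
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for line_no, addr, name, sinkholed in find_overrides(text):
        verdict = "BLOCKED (sinkholed)" if sinkholed else "redirected"
        print(f"hosts line {line_no}: {name} -> {addr}  {verdict}")
```

On Windows the hosts file is normally `C:\Windows\System32\drivers\etc\hosts`; pass that path as the first argument to scan it instead of the sample. Firewall rules are not covered by this check.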


I have two questions

1) Following this topic, will you improve Malwarebytes to better detect false positives for this software (putting an exception is not a long-term solution for me)?

2) Recently in the news (https://www.ghacks.net/2017/09/18/ccleaner-compromised-better-check-your-pc/) it was announced that the software Piriform CCleaner v3.34 had been corrupted: due to a hack of the software provider's website, the original installer version was replaced by a version containing a virus. Piriform published a new clean version after the hack was discovered.

In this case, if I put an exception of detection in Malwarebytes on the folder containing the software, and I have unfortunately installed a corrupted software version, will the malicious code be detected by Malwarebytes?


  • Staff

If you put an exception, then in case of such an incident as with CCleaner, it won't be detected. But these incidents are really rare.

For Q-Dir, there's a permanent solution already. This permanent solution unfortunately won't work if some Malwarebytes network instances are being blocked, as it can't use our additional services to make the final decision on certain behavior detection.
