Just had a report that ransomware activity was seen in PicasaStarter.exe - a small programme available on the internet, used to start Picasa with a separate/network-based database.

The computer concerned has barely been connected to the internet for a few days and this programme has been present and intermittently in use for months. There is no sign of any file encryption.

I strongly suspect this is a false positive. Apart from whitelisting the programme file, how should I proceed?


Thank you for the rapid response, which is reassuring.

I attach the file as requested.

I was finding that Picasa (started using the attached file) was running very slowly. The detection resulted in some difficulties with file 'permissions' and I ended up not only putting the requisite directory in 'exclusions', but finally temporarily disabled Malwarebytes Anti-ransomware (latest Beta).

(I have yet to re-boot that machine with the file excluded and Anti-ransomware re-enabled. The file came from an exact mirror copy on my second PC.)

When I did disable MB anti-ransomware Picasa very definitely functioned much more quickly. I wondered if the fact that I was adding photo captions (and so writing into existing files) might be causing some alert????

Any comments or advice most welcome.

PicasaStarter.zip

Edited by NickF

Thanks for attaching the file. If it was being detected, it no longer should be. If it is still being detected on your end, please provide a log which shows the detection. Preferably this log file: C:\ProgramData\Malwarebytes\MBAMService\LOGS\MBAMSERVICE.LOG or one from your Reports tab. More information here. Thank you.

Quote

When I did disable MB anti-ransomware Picasa very definitely functioned much more quickly. I wondered if the fact that I was adding photo captions (and so writing into existing files) might be causing some alert????

If ransomware behavior was being detected then an alert that the file was stopped or quarantined may have appeared. Can you elaborate on what type of alert you saw?
