NickF Posted November 23, 2017 ID:1186064 Share Posted November 23, 2017 Just had a report that ransomware activity was seen in PicasaStarer.exe - a small programme available on the internet, used to start Picasa with a separate/network-based database. The computer concerned has barely been connected to the internet for a few days and this programme has been present and intermittently in use for months. There is no sign of any file encryption. I strongly suspect this is a false positive. Apart from whitelisting the programme file, how should I proceed? Link to post Share on other sites More sharing options...
thisisu Posted November 23, 2017 ID:1186079 Share Posted November 23, 2017 Hello NickF, It does sound like a false positive. To confirm, please .zip and attach the file being detected and the MBAMSERVICE.LOG file located at: C:\ProgramData\Malwarebytes\MBAMService\LOGS\MBAMSERVICE.LOG Thanks! Link to post Share on other sites More sharing options...
NickF Posted November 24, 2017 Author ID:1186144 Share Posted November 24, 2017 (edited) Thanks you for the rapid response, which is re-assuring. I attach the file as requested. I was finding that Picasa (started using the attached file) was running very slowly. The detection resulted in some difficulties with file 'permissions' and I ended up not only putting the requisite directory in 'exclusions', but finally temporarily disabled Malwarebytes Anti-ransomware (latest Beta). (I have yet to re-boot that machine with the file excluded and Anti-ransomware re-enabled. The file came from an exact mirror copy on my second PC) When I did disable MB anti-ransomware Picasa very definitely functioned much more quickly. I wondered if the fact that I was adding photo captions (and so writing into existing files) might be causing some alert???? Any comments or advice most welcome. PicasaStarter.zip Edited November 24, 2017 by NickF Link to post Share on other sites More sharing options...
thisisu Posted November 24, 2017 ID:1186250 Share Posted November 24, 2017 Thanks for attaching the file. If it was being detected, it no longer should be. If it is still being detected on your end, please provide a log which shows the detection. Preferably this log file: C:\ProgramData\Malwarebytes\MBAMService\LOGS\MBAMSERVICE.LOG or one from your Reports tab. More information here. Thank you Quote When I did disable MB anti-ransomware Picasa very definitely functioned much more quickly. I wondered if the fact that I was adding photo captions (and so writing into existing files) might be causing some alert???? If ransomware behavior was being detected then an alert that the file was stopped or quarantined may have appeared. Can you elaborate on what type of alert you saw? Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now