Jump to content

Maybe false positive


KatZund

Recommended Posts

I'm using Exif Remover 5.1 (from rlvision) for a long time and malwarebytes gives me a message that ransomware ('exiftool.exe' in c/users/name/appdata/local/temp) has been stopped.

scr1417.png.c4fae19e5c66d2346764580f1bd30737.png

Hash 256:   cd003e8957e75f43de4e9ca4ce965e80da73c1940663a39222ea63ef3bd35be2

https://www.virustotal.com/nl/file/cd003e8957e75f43de4e9ca4ce965e80da73c1940663a39222ea63ef3bd35be2/analysis/


/happy new year to y'all
KatZ

Edited by KatZund
Link to post
Share on other sites

  • Staff

Hi,

I can't reproduce detection here.

It looks like it has only killed the process - so it wasn't removed.

This happens in the cases when our Antiransomware can't do additional checks to make a final verdict on the file (most cases because of an internet connection error), so for safety sake, it kills the process anyway, just to be sure.

Can you verify that this machine is connected to the internet? If so, mind to do another scan? This shouldn't be detected anymore then.

Link to post
Share on other sites

Hi,

I've checked. Somehow strange because it was detected while running the program. Now I've let malwarebytes check c:\ and to be sure I tried again by narrowing to let it scan the appdata directory only. Nothing bad found. Ran the original Exif Remover (in c/program files x86) several times to see if I can get the ransomeware warning. Nothing. The file 'exiftool.exe' is still in the appdata/local/temp dir. I've had the warning one or two times before by running the software but had no time to check it out and write on the forum.
Three malwarebytes files have internet access btw.

thank you
Kat
-------
this pc runs win10x64,Eset Smart Security and Malwarebytes.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.