virtualliftdeveloper Posted January 12, 2018 ID:1199211 Share Posted January 12, 2018 I am fairly certain that this is a false positive. Malwarebytes Free detected five (so far) executable files (.EXE) from Microsoft Office for Windows 95 as Malware. I am running Windows 7 Home Premium. I can see how it would detect the binder; -It launches on startup -it has some compatibility issues -it locks to the side of the screen -you have to open a menu to close it ...but... why? I think the MBAM team might need to work on "MachineLearning/Anomalous.100%" detections. (I AM TECH SAVVY BUT TIRED) Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 12, 2018 Staff ID:1199212 Share Posted January 12, 2018 (edited) Can you please attach the mbam service log here? or at least virusttotal reports from the files detected and we will get this fixed right away. Edited January 12, 2018 by shadowwar Link to post Share on other sites More sharing options...
virtualliftdeveloper Posted January 12, 2018 Author ID:1199216 Share Posted January 12, 2018 (edited) I am mid scan... it would be difficult. Edit: I may be able to scan these files, but my PC's got tons of stuff open. Edited January 12, 2018 by virtualliftdeveloper extra info Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 12, 2018 Staff ID:1199217 Share Posted January 12, 2018 Ok well as soon as you get us the information we will investigate it. I really have nothing to go on at the moment with just a screenshot. These are heuristic detections so i really need the files or md5's to fix this. Link to post Share on other sites More sharing options...
virtualliftdeveloper Posted January 13, 2018 Author ID:1199393 Share Posted January 13, 2018 Link to post Share on other sites More sharing options...
virtualliftdeveloper Posted January 13, 2018 Author ID:1199398 Share Posted January 13, 2018 14 hours ago, shadowwar said: or at least virusttotal reports from the files detected and we will get this fixed right away. Scan completed now. Only one engine (Cylance) detected SCHDPL32.EXE as malware. All the other engines and files reported clean. Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 13, 2018 Staff ID:1199408 Share Posted January 13, 2018 (edited) I need the virustotal report links for eachvt scan. These are shuriken heuristic detections that occur anywhere in the scan. Basically I need specific info on each file that each vt report gives me. Filename doesn't help to fix alone. Edited January 13, 2018 by shadowwar Link to post Share on other sites More sharing options...
virtualliftdeveloper Posted January 13, 2018 Author ID:1199419 Share Posted January 13, 2018 Here's a log. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/12/18 Scan Time: 6:41 PM Log File: 28edb918-f7c8-11e7-997e-80c16eeeb2ac.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.262 Update Package Version: 1.0.3683 License: Free -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User-PC\User -Scan Summary- Scan Type: Custom Scan Result: Completed Objects Scanned: 378458 Threats Detected: 5 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 15 hr, 48 min, 25 sec -Scan Options- Memory: Disabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 5 MachineLearning/Anomalous.100%, C:\MSOFFICEW95\OFFICE\MSOFFICE.EXE, No Action By User, [0], [392687],1.0.3683 MachineLearning/Anomalous.100%, C:\MSOFFICEW95\ACCESS\MSACCESS.EXE, No Action By User, [0], [392687],1.0.3683 MachineLearning/Anomalous.100%, C:\MSOFFICEW95\SCHEDULE\SCHDPL32.EXE, No Action By User, [0], [392687],1.0.3683 MachineLearning/Anomalous.100%, C:\MSOFFICEW95\OFFICE\MSOW.EXE, No Action By User, [0], [392687],1.0.3683 MachineLearning/Anomalous.100%, C:\MSOFFICEW95\OFFICE\BINDER.EXE, No Action By User, [0], [392687],1.0.3683 Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 13, 2018 Staff ID:1199426 Share Posted January 13, 2018 That is not the mbamservice.log Its is located here. C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbamservice.log. In order to fix this i need any one of the three: 1. Links posted for each one of the virustotal reports for each of the 5 files scanned Example of a link below. https://www.virustotal.com/en/file/10e22482690759d315b85f63058849308a787f29ac52ebf306f56829b4cc5344/analysis/ 2. The files detected zipped and attached here. 3. The mbamservice.log described above attached here. Link to post Share on other sites More sharing options...
virtualliftdeveloper Posted January 14, 2018 Author ID:1199799 Share Posted January 14, 2018 Well, it's some info. I will have the detected files compressed and uploaded soon Link to post Share on other sites More sharing options...
virtualliftdeveloper Posted January 14, 2018 Author ID:1199804 Share Posted January 14, 2018 detectedfiles.zip Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 14, 2018 Staff ID:1199846 Share Posted January 14, 2018 This should be fixed now. Thanks for submitting the files. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now