
Why did MBAM flag Azureus.exe as malware?



While running Vuze today, I noticed that Malwarebytes Premium version 3.4.5 flagged Azureus.exe as malware.

My guess is that Vuze wanted to download an updater to itself (i.e. Azureus.exe), but MBAM caught that, and decided to block it.

Looking at Reports --> View Reports, I see that MBAM's Category for Azureus.exe is "RiskWare".

My questions:

  1. What exactly is "RiskWare"?
  2. I have only used MBAM free in the past, never Premium (am currently on a free trial), and MBAM never identified Azureus.exe before as malware (when I manually scanned my system), so did anything change with either MBAM or Azureus.exe that might have caused this?

Ultimately, I want to know if I can safely ignore this warning (i.e. create an exception, and download Azureus.exe anyways).

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location; they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few seconds the command window will open, press "Enter" to accept the EULA then click "OK"
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

  • Staff
5 hours ago, CaptainHindsight said:

My questions:

  1. What exactly is "RiskWare"?
  2. I have only used MBAM free in the past, never Premium (am currently on a free trial), and MBAM never identified Azureus.exe before as malware (when I manually scanned my system), so did anything change with either MBAM or Azureus.exe that might have caused this?

Ultimately, I want to know if I can safely ignore this warning (i.e. create an exception, and download Azureus.exe anyways).

1. Software that is considered risky.

2. I need more information to answer that. Please attach your MBAM log showing the detection. Also zip and attach the Azureus.exe file for analysis in order to confirm whether it is a false positive or not.

Please read:

 

36 minutes ago, thisisu said:

1. Software that is considered risky.

2. I need more information to answer that. Please attach your MBAM log showing the detection. Also zip and attach the Azureus.exe file for analysis in order to confirm whether it is a false positive or not.

Please read:

 

Thanks for your response.  I just sent you a private message with the subject "requested files" that has the requested files.

I looked at this a little deeper (the log files), and I think that my initial guess that Vuze was trying to download an auto updater was wrong.  My version of Vuze is the latest, there is no update.

Instead, I think that Vuze was trying to open a connection to IP address 46.172.212.116, and that particular IP address was blocked.

My guess is that that IP is one that is known to you to have downloaded malware in the past to other people?

57 minutes ago, David H. Lipman said:

46.172.212.116  - Belongs to the Russian Federation.

Is that OK with you?

 

Also: could a Russian IP address have an innocuous explanation, such as, since I was sharing a file, maybe there was another ordinary person in Russia who simply wanted to download it as well?

Also, strictly speaking, 46.172.212.116 is a Ukrainian not Russian IP address that points to the domain name pool.sevtele.com (if ipinfo.info is to be believed, not that that is any more reassuring...).


Other than being an Outbound connection to the IP, everything else is conjecture.

inetnum:        46.172.192.0 - 46.172.223.255
netname:        KRYMINFOSTROY-NET
country:        RU
org:            ORG-KRYM1-RIPE
admin-c:        MANG1-RIPE
tech-c:         MANG1-RIPE
status:         ASSIGNED PI
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         KRYMINFO-MNT
mnt-routes:     KRYMINFO-MNT
mnt-domains:    KRYMINFO-MNT
notify:         alexnvis@gmail.com
created:        2010-12-27T16:47:47Z
last-modified:  2016-04-14T10:19:02Z
source:         RIPE
sponsoring-org: ORG-Vs35-RIPE

organisation:   ORG-KRYM1-RIPE
org-name:       Krym Infostroy Ltd.
org-type:       OTHER
address:        Russia, Simferopol, Kievskaya 136
e-mail:         admin@megabit.pl.ua
abuse-c:        AR30404-RIPE
mnt-ref:        KRYMINFO-MNT
mnt-by:         KRYMINFO-MNT
created:        2010-12-13T14:48:33Z
last-modified:  2015-01-16T21:27:58Z
source:         RIPE
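
For triaging a blocked outbound connection like the one in this thread, the sketch below (an added example, not part of any post here and not Malwarebytes code) parses a RIPE-style WHOIS reply and reports the registry facts for the range that covers a given IP. The function names `parse_rpsl` and `describe_ip` are hypothetical, and the sample text is a constructed subset of the record quoted above; the `country:` attribute is what the registrant entered in the registry, not a geolocation of the host.

```python
import ipaddress

# Constructed sample: a subset of the RIPE WHOIS reply quoted in the post above.
WHOIS_TEXT = """\
inetnum:        46.172.192.0 - 46.172.223.255
netname:        KRYMINFOSTROY-NET
country:        RU
org:            ORG-KRYM1-RIPE
mnt-by:         RIPE-NCC-END-MNT
mnt-by:         KRYMINFO-MNT

organisation:   ORG-KRYM1-RIPE
org-name:       Krym Infostroy Ltd.
address:        Russia, Simferopol, Kievskaya 136
"""

def parse_rpsl(text):
    """Split a WHOIS reply into objects; each maps attribute -> list of values."""
    objects, current = [], {}
    for line in text.splitlines():
        if not line.strip():                 # a blank line ends the current object
            if current:
                objects.append(current)
                current = {}
            continue
        if line.startswith(("%", "#")):      # server comment lines
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            current.setdefault(key.strip().lower(), []).append(value.strip())
    if current:
        objects.append(current)
    return objects

def describe_ip(ip, text):
    """Return registry facts for the inetnum object covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    objs = parse_rpsl(text)
    orgs = {o["organisation"][0]: o for o in objs if "organisation" in o}
    for o in (x for x in objs if "inetnum" in x):
        first, last = (ipaddress.ip_address(p.strip()) for p in o["inetnum"][0].split("-"))
        if first <= addr <= last:
            org = orgs.get(o.get("org", [""])[0], {})   # follow the org: reference
            return {"netname": o["netname"][0], "country": o["country"][0],
                    "org_name": org.get("org-name", [None])[0],
                    "maintainers": o.get("mnt-by", []),
                    "cidrs": [str(n) for n in ipaddress.summarize_address_range(first, last)]}
    return None
```
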
