cfoster8

Trojan found in Malwarebytes product

I have Malwarebytes premium 3.5.1 and it's up to date.  I have Windows 10.  Windows defender keeps saying it detects a trojan win32/malext in mbamclientconfig.json.  It seems to happen whenever I start google chrome.  After several instances of seemingly removing it and having it come back the next time I started chrome, it finally occurred to me that mbam was malwarebytes, which obviously shouldn't have a trojan embedded in it.  Does anybody know what's going on and how to resolve it?

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

If you are having technical issues with our Windows product, please do the following:

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link
  • Click the Gather Logs button
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

    Click "Reveal Hidden Contents" below for details on how to attach a file:

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

One of our experts will be able to assist you shortly.

If you are having licensing issues, please do the following:

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264

Thanks in advance for your patience.

-The Malwarebytes Forum Team

I have Malwarebytes premium 3.5.1 and it's up to date.  I have Windows 10.  Windows defender keeps saying it detects a trojan win32/malext in C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\MbamClientConfig.json and some other jsons with random numbers.

It seems to happen whenever I start google chrome.  After several instances of seemingly removing it and having it come back the next time I started chrome, it finally occurred to me that mbam was malwarebytes, which obviously shouldn't have a trojan embedded in it.  I did not expect some Trojan to be bundled into a Malwarebytes product.

Please look into this at earliest.

Can you please provide the logs mentioned above so we can take a look? This should give us some context as to why it's flagging on your machine.

Looks like that missed the file in question, can you please upload the file from C:\ProgramData\Malwarebytes\mbamservice\config\mbamclientconfig.json

I restarted the PC and uninstalled Malwarebytes. Then I reinstalled it and have no more Defender messages. Those detection messages had problems with the files in the MwacDetections directory, and some content in them, about the site banner.boostbox.com.br. Malwarebytes detects this site as riskware, and Defender detects these JSON logs as trojan files.

This is what Defender shows in its logs:

Trojan:Win32/Malext

Affected files:

file: C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

4 minutes ago, dcollins said:

Looks like that missed the file in question, can you please upload the file from C:\ProgramData\Malwarebytes\mbamservice\config\mbamclientconfig.json

There you have.

MbamClientConfig.7z

I'm getting it too. It's all in a MBAM folder marked "Mwacdetections", example "file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\ccfc71f8-8002-11e8-bc7a-2c56dc39432a.json". Everything with a .json extension in this folder is being flagged by Windows Defender.

Edited by gman68w

dcollins asked:
Can you please provide the logs requested above.

I suspect you're referring to downloading the support tool:
mb-support-1.1.2.471.exe
But after installing it, I'm asked for my email and a ticket number. I have none. Suggestions?

Windows Defender reports these files affected:
 

Trojan:Win32/Malext
Category: Trojan

file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\50d0684e-7fcd-11e8-a322-600292506935.json
file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\50669270-7fcd-11e8-8455-600292506935.json
file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\ff2ca7a0-7fcc-11e8-b83b-600292506935.json
file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\fed14ebe-7fcc-11e8-aa62-600292506935.json
file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\fd2eb128-7fcc-11e8-9482-600292506935.json
file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\50d0684e-7fcd-11e8-a322-600292506935.json
file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\50669270-7fcd-11e8-8455-600292506935.json

BTW,  Individual Win Defender reports, which arrive with a list of affected files like the one above, indicate a set of files affected that are not exactly the same each time. 

Wow, I wasn't really expecting a quick response on 7/4.  Wish I had checked back in earlier.  Here is the log I think you're looking for.  Unlike n3ilmurphy, it always seems to be the same file for me.  And it's always when I open chrome.  I also get two riskware warnings from Malwarebytes when I open chrome.  No idea if it's related.

Defender log.txt

Are we all infected? Was Malwarebytes compromised? I'm using Bitdefender Total Security so... How do I know I'm safe?

From today at 4 o'clock in the morning Spanish time, I am having the same problem. It all started with a series of massive detections by Windows Defender, where it indicated that the file with the extension .json located at "file: C:\ProgramData\Malwarebytes\MBAMService\MwacDetections\" is a Trojan:Win32/Malext. When I try to remove it automatically, it is recreated with different names with the same extension .json.

Thanks for the reports. The good news is that you are not infected, this looks to be a false positive from Microsoft flagging our files for some reason. We are working on figuring out what's going on and the best way to resolve the issue.
