Jump to content

False Positive - Firestorm Viewer

Joy717

By Joy717
in Ransomware

 Share

Recommended Posts

Joy717

Joy717

Posted
Posted (edited)

The program was automatically removed, error claiming Ransomware. I created a JIRA ticket for Firestorm, support suggested i post here as a false positive.
This Firestorm viewer was a new updated version. Malwarebytes report info:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/11/18
Protection Event Time: 7:39 PM
Log File: 249e82d8-9dc8-11e8-b53b-4ccc6a6d1357.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.391
Update Package Version: 1.0.6307
License: Premium

-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 5
Malware.Ransom.Agent.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\PROGRAM FILES\FirestormOS-Releasex64\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\USERS\JOYLA\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\USERS\PUBLIC\DESKTOP\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0
Malware.Ransom.Agent.Generic, C:\Program Files\FirestormOS-Releasex64\FirestormOS-Releasex64.exe, Quarantined, [0], [392685],0.0.0


(end)

Edited by Joy717
Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

Thanks for reporting. This looks like a false positive indeed.

Can you unquarantine what it has detected, then temporary disable the Ransomware Protection and zip and attach the following file to your next post?

C:\Program Files\FirestormOS-Releasex64\FirestormOS-Releasex64.exe

This so we can have a better look at it and fix it.

 

Thanks!!

Link to post
Share on other sites
DeyJaVoo

DeyJaVoo

Posted
Posted (edited)

I had the same issue as above. Filed a Jira, they only told me to come here to find the fix. So here I am... But I don't see anything to say how to fix the issue.

 

* I went back to the later version of Firestorm, to keep from having this issue..but do need to know how to fix it.

 

 

https://gyazo.com/4a7821943e5a1240e01d4cf025fc7958

 

I received this notice from my computer Malware program;
Malwarebytes www.malwarebytes.com Log Details Protection Event Date: 7/29/18 Protection Event Time: 3:37 PM Log File: ca376db6-9366-11e8-b44a-1c6f65973872.json Administrator: Yes Software Information Version: 3.5.1.2522 Components Version: 1.0.391 Update Package Version: 1.0.6117 License: Premium System Information OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System Ransomware Details File: 5 Malware.Ransom.Agent.Generic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0 Malware.Ransom.Agent.Generic, C:\PROGRAM FILES\FirestormOS-Releasex64\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0 Malware.Ransom.Agent.Generic, C:\USERS\JOANNE\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0 Malware.Ransom.Agent.Generic, C:\USERS\PUBLIC\DESKTOP\FirestormOS-Releasex64.lnk, Quarantined, [0], [392685],0.0.0 Malware.Ransom.Agent.Generic, C:\Program Files\FirestormOS-Releasex64\FirestormOS-Releasex64.exe, Quarantined, [0], [392685],0.0.0 (end)

 

 

Edited by DeyJaVoo
Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

Can you please zip and attach the file that was unquarantined? As I have not received it yet (from previous reply).

Please see the instructions in above.

As an additional note, a new component Update will go out soon for the Antiransomware protection where some of the above and similar FPs will be reduced and detection will be finetuned.

Thanks!

Link to post
Share on other sites
DeyJaVoo

DeyJaVoo

Posted
Posted
1 minute ago, miekiemoes said:

Hi,

Can you please zip and attach the file that was unquarantined? As I have not received it yet (from previous reply).

Please see the instructions in above.

As an additional note, a new component Update will go out soon for the Antiransomware protection where some of the above and similar FPs will be reduced and detection will be finetuned.

Thanks!

Yes I will do this when I get home.(in 6 hours) I am at work now. Thanks for the reply.

Link to post
Share on other sites
Willow_Wilder

Willow_Wilder

Posted
Posted
2 hours ago, miekiemoes said:

Hi,

Can you please zip and attach the file that was unquarantined? As I have not received it yet (from previous reply).

Please see the instructions in above.

As an additional note, a new component Update will go out soon for the Antiransomware protection where some of the above and similar FPs will be reduced and detection will be finetuned.

Thanks!

Hello Miekiemoes,

The file size exceeds the attachment limit. I've uploaded the 4 Windows installer files to Dropbox hoping that works as an alternative for you. https://www.dropbox.com/sh/xmxv5egkbligygn/AACQt1WsmDA9wI8vqQ7YNTMSa?dl=0  

Our bug report for reference https://jira.phoenixviewer.com/browse/FIRE-22926

Thank you for your assistance addressing this issue. 

 

Regards,

Willow Wilder

Quality Assurance Lead

The Phoenix Firestorm Project, Inc. 

 

Link to post
Share on other sites
Willow_Wilder

Willow_Wilder

Posted
Posted
6 minutes ago, miekiemoes said:

Hi,

We just needed this file: C:\Program Files\FirestormOS-Releasex64\FirestormOS-Releasex64.exe

This to avoid any confusion. But the installer works as well. But we then need to install it in order to collect that file.

Hello Miekiemoes, 

I've highlighted which of the 4 installers is the one you referred to on this screenshot https://prnt.sc/kikten

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Hi,

I Installed, collected the sample and fixed the false positive, so this should no longer be detected anymore.

As an additional note, we have an updated build for our AntiRansomware in a meanwhile which is more finetuned in order to detect better + also reduces False Positives in general, so this should also help.

Link to post
Share on other sites
Willow_Wilder

Willow_Wilder

Posted
Posted
16 minutes ago, miekiemoes said:

Hi,

I Installed, collected the sample and fixed the false positive, so this should no longer be detected anymore.

As an additional note, we have an updated build for our AntiRansomware in a meanwhile which is more finetuned in order to detect better + also reduces False Positives in general, so this should also help.

Hello Miekiemoes, 

That's lovely to hear. Thank you for your prompt assistance. 

Will this update be delivered in the background, or will users need to update manually? 

Link to post
Share on other sites
  • Staff
miekiemoes

miekiemoes

Posted
  • Staff
Posted

Normally it should be OK and not detected anymore, as I got the above file. :)

 

Unless the detection pops up again (who knows on a slightly different version), then please zip and upload the file (only the actual detected file and not the installer, as that makes it easier for us). I know this file is quite big (a 40-ish MB), so it probably won't allow to attach. So just use dropbox or any other similar filesharing interface for this. :)

But normally, detection shouldn't happen anymore.

Link to post
Share on other sites
DeyJaVoo

DeyJaVoo

Posted
Posted
1 minute ago, miekiemoes said:

Normally it should be OK and not detected anymore, as I got the above file. :)

 

Unless the detection pops up again (who knows on a slightly different version), then please zip and upload the file (only the actual detected file and not the installer, as that makes it easier for us). I know this file is quite big (a 40-ish MB), so it probably won't allow to attach. So just use dropbox or any other similar filesharing interface for this. :)

But normally, detection shouldn't happen anymore.

so no need to turn 'ransomeware' off on the Malwarebytes app when installing the newest firestorm release? or should I leave it on to make sure it's fixed? 

Link to post
Share on other sites
DeyJaVoo

DeyJaVoo

Posted
Posted
25 minutes ago, Joy717 said:

Thank you all for your responses and solution to this issue. My apologies in my delay in responding, I did not have access to a computer.

Thanks so much! ?

Hi Joy, 

Have you re installed the newest version of Firestorm and found no issues after this fix?

I hesitant to re install it until I hear from you.

Thanks

DeyJavue Resident (In World)

Link to post
Share on other sites
Joy717

Joy717

Posted
  • Author
Posted (edited)

Thank you Willow for supplying the file!

I updated Malwarebytes, rebooted computer (just in case), then installed Firestorm.

So far so good. I'm not having any issues. Thanks so much for quick resolution. ❤️

Edited by Joy717
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.