Jump to content

Strange file in MBAMService directory


Recommended Posts

I'm using Malwarebytes 3.5.1 premium. Starting last week my antivirus program, Avira, quarantines a file from C:\ProgramData\Malwarebytes\MBAMService. The file seems to be recreated, but sometimes it changes name.

Here is a list of some of the names

749e82e89c3711e8bbf7f0761c1600be
68eec7cc9d0011e8adaff0761c1600be
ec9941789dc911e88cebf0761c1600be
a400d1329e9211e8bfaaf0761c1600be
6d7f119e9ecb11e89838f0761c1600be
adda1b869f5b11e8a82af0761c1600be

Is this a file that Malwarebytes creates and own or is it, as Avira suggest, a suspicious file?

I have a copy of the file, but if it's suspicious I don't want to spread it around...

// Anders

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

    welcome mbst.png
     
  • Click the Gather Logs button

    gatherlogs.png
     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  


    Click "Reveal Hidden Contents" below for details on how to attach a file:
     
    Spoiler

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

    mb_attach.jpg.220985d559e943927cbe3c078b
     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

I don't think they are a problem for you. I don't use Avira or any other AV program---I only use Windows Defender and MWB and Defender doesn't seem to object to them.  I have similar files and they seem to relate to the number of Scan Reports I have. I am on the Beta release since last week but haven't had any problems previously. Someone will advise you of any exclusions you might have to make to Avira or fix the bug, but I wouldn't worry about it in the meantime.

Version.PNG

Reports.PNG

Edited by RTL434
Picture in wrong place
Link to post
Share on other sites

I don't think that the files you listed and the files Avira complains about are the same!

"My" files are located directly in the MBAMService directory and does not include any - in it's name. In the directory ScanResults I have simular files as you.

 

Thank you for you input.

// Anders

Link to post
Share on other sites

  • Administrators

@andis59 can you post a log file or scan report from Avira? This looks like it's a false positive of some of our files that use a GUID for the filename, but seeing their logs/reports would help to be sure on that.

Edited by AlexSmith
Added clarity
Link to post
Share on other sites

This is a snippet from the file avguard.log

8/10/2018,2:51:03 [INFO] FP reports status 'NO False Positive' for file 'C:\ProgramData\Malwarebytes\MBAMService\749e82e89c3711e8bbf7f0761c1600be'
8/10/2018,2:51:03 [DETECTION] Suspicious file: The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)!
  C:\ProgramData\Malwarebytes\MBAMService\749e82e89c3711e8bbf7f0761c1600be
      [INFO] This detection is suspicious. Please send us this file immediately for further analysis.
      [INFO] The file will be copied to quarantine!
8/10/2018,2:51:04 [INFO] FP reports status 'NO False Positive' for file 'C:\ProgramData\Malwarebytes\MBAMService\749e82e89c3711e8bbf7f0761c1600be'
8/10/2018,2:51:04 [DETECTION] Suspicious file: The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)!
  C:\ProgramData\Malwarebytes\MBAMService\749e82e89c3711e8bbf7f0761c1600be
      [INFO] This detection is suspicious. Please send us this file immediately for further analysis.
8/10/2018,2:51:04 [INFO] FP reports status 'NO False Positive' for file 'C:\ProgramData\Malwarebytes\MBAMService\749e82e89c3711e8bbf7f0761c1600be'
8/10/2018,2:51:04 [DETECTION] Suspicious file: The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Worm.Gen)!
  C:\ProgramData\Malwarebytes\MBAMService\749e82e89c3711e8bbf7f0761c1600be
      [INFO] This detection is suspicious. Please send us this file immediately for further analysis.

 

I have not sent the file to Avira yet. I want to know if it's a file that belong to Malwarebytes or not before I do....

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.