Jump to content
SteveDOB1961

Bethesda.net

Recommended Posts

Not convinced there is ransomware in the Bethesda.net game I was playing (Fallout Shelter) so now I cannot start the game that Malwarebytes shut down:

-Log Details-
Protection Event Date: 10/15/18
Protection Event Time: 8:13 PM
Log File: 5a84102a-d0ae-11e8-a55a-001fc6396638.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7365
License: Trial

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\program files (x86)\bethesda.net launcher\games\FalloutShelter\FalloutShelter.exe, Blocked, [0], [392685],0.0.0
 

Share this post


Link to post
Share on other sites

can you please zip and attach the file here?

C:\program files (x86)\bethesda.net launcher\games\FalloutShelter\FalloutShelter.exe

To release the lock on the file you either need to shut malwarebytes down completely or reboot.

 

Edited by shadowwar

Share this post


Link to post
Share on other sites

Report pasted in initial post. Ransomeware details: File: 

C:\program files (x86)\bethesda.net launcher\games\FalloutShelter\FalloutShelter.exe

 

Anything else of use? 

 

Share this post


Link to post
Share on other sites

I have had the Bethesda game for many months and never experienced this before, but there was a Malwarebytes upgrade just before it happened

Share this post


Link to post
Share on other sites

The export function doesn't have the information we need. We need the actual files we requested to resolve this for you.  The json contains more information then the export.

Share this post


Link to post
Share on other sites

Navigate to here in windows explorer:

C:\ProgramData\Malwarebytes\MBAMService\ArwDetections\5a84102a-d0ae-11e8-a55a-001fc6396638.json

 

and attach that json file to this post.

 

Thanks.

 

Screenshot 2018-10-17 08.46.36.png

Share this post


Link to post
Share on other sites
            "cleanAction" : "block",
            "cleanResult" : "successful",

 

This means our whitelisting server could not be reached. I would suggest you add this file to your local exclusions. The version seems to be different from what was previously reported, but it is also whitelisted on our server side.

Edited by tetonbob

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.