
our app is getting snagged


jjenni


Hello,

Our company writes an app that for some reason when our auto update routine runs our app main exe file is being caught by Malwarebytes as ransomware and it says it is quarantined, but I can't find it in quarantine or in the logs to try and figure out what is going on here.

Can someone please contact me as soon as possible to resolve this issue?

 

Thank you.

 


  • Staff

Hi,

This is a detection by our Antiransomware component where it might find this process suspicious. In your case, it's most probably being killed as an active process only if it's not being quarantined (since you can't find it in quarantine). So the file didn't get deleted, only killed/stopped as a running process. This mostly happens when there's no internet connection available, so an additional check in the cloud can't be done either on the suspicious process to give a final determination whether the file might be goodware or malware. That's why Malwarebytes kills the process only (a better safe than sorry approach).

Is your PC connected to the internet? Or is it blocking any Malwarebytes-related traffic?

Also, can you zip and attach the detected file here?

 

Thanks!

 


There is the problem. Everything gets killed and our actual .exe no longer exists in our folder.

I have asked for one of our developers to come to my office to maybe explain what they are doing with the update routine that seems to get caught up even though the alert references our .exe file and that file is actually deleted from the folder.


  • Staff

Hi,

This is curious, as it should be in the unquarantine if it actually gets deleted.

We would need more info, so can you zip and attach the MBAMService.LOG, so I can have a look at why it was detected and what happened there?

You can find this log in the following folder: C:\ProgramData\Malwarebytes\MBAMService\LOGS

Edited by miekiemoes

  • Staff

Thanks a lot!

This really helps us to fine-tune detection. We have fixed this in the meantime, so it shouldn't be detected anymore.

In case it's still detected, it's because it's cached for you, so in that case, quit Malwarebytes from the system tray.
Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.

Also, the reason why you couldn't find it in quarantine is because it was triggered during updating. So it was actually deleted by the "updating" already (by the program), so that explains why it wasn't quarantined and the file wasn't there, because the updating actually deleted the file and we detected before the replacing of the new file.
