SloppyMcFloppy Posted April 6, 2019 ID:1306871

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/5/19
Scan Time: 8:30 PM
Log File: 2cb3499b-5803-11e9-ba38-0862664c1ba6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10020
License: Premium

-System Information-
OS: Windows 10 (Build 17763.379)
CPU: x64
File System: NTFS
User:

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 285132
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 5 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.FFInjectExt, C:\USERS\xxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HW6T1DE0.DEFAULT\EXTENSIONS\{BEE8B1F2-823A-424C-959C-F8F76C8B2306}.XPI, No Action By User, [4709], [546469],1.0.10020

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

VT: https://www.virustotal.com/#/file/6993d01b7945223460ac516d71bb73a180f414b5a48c99632768e3d7b8541456/detection

FP sample attached below in zip folder. No password needed. Fix it ASAP.

{bee8b1f2-823a-424c-959c-f8f76c8b2306}.zip

Staff thisisu Posted April 6, 2019 ID:1306874

Hello,

The detection will be reviewed and removed if needed.

Thank you for reporting

Staff thisisu Posted April 6, 2019 ID:1306884

It was reviewed. It's not a false positive.
https://www.systemlookup.com/FF_Extensions/8232-bee8b1f2_823a_424c_959c_f8f76c8b2306_xpi.html

SloppyMcFloppy Posted April 6, 2019 Author ID:1306951

14 hours ago, thisisu said:
    It was reviewed. It's not a false positive.
    https://www.systemlookup.com/FF_Extensions/8232-bee8b1f2_823a_424c_959c_f8f76c8b2306_xpi.html

It is a false positive because I have this extension installed on Chrome and it did not detect in Chrome either. Please fix it ASAP. What is the reason why MBAM detects this extension as PUP?

SloppyMcFloppy Posted April 6, 2019 Author ID:1306952

https://chrome.google.com/webstore/detail/pop-up-blocker-for-chrome/bkkbcggnhapdmkeljlodobbkopceiche

Popular extension on Chrome with over 68,000 reviews

SloppyMcFloppy Posted April 8, 2019 Author ID:1307136

@thisisu Please fix this FP.

SloppyMcFloppy Posted April 8, 2019 Author ID:1307137

On 4/6/2019 at 12:42 AM, thisisu said:
    It was reviewed. It's not a false positive.
    https://www.systemlookup.com/FF_Extensions/8232-bee8b1f2_823a_424c_959c_f8f76c8b2306_xpi.html

Please fix.

Staff thisisu Posted April 8, 2019 ID:1307157

I've inquired as to why the Chrome variant isn't detected. As far as I know this is not a false positive though.

You can also ignore the detection by adding it to exclusions as the detection is reviewed by the appropriate team members. (How To)

SloppyMcFloppy Posted April 9, 2019 Author ID:1307184

3 hours ago, thisisu said:
    I've inquired as to why the Chrome variant isn't detected. As far as I know this is not a false positive though.
    You can also ignore the detection by adding it to exclusions as the detection is reviewed by the appropriate team members. (How To)

What is the reason that it got flagged as PUP?

Staff miekiemoes Posted April 9, 2019 ID:1307194

Hi,

It was blocked because of this: https://adguard.com/en/blog/big-star-labs-spyware/

Big violation with the privacy policy.

For Firefox, it seems like they haven't changed much regarding this at all. For Chrome, they did some changes to it. Although, we will review the Chrome extension and re-add detection if still needed.

Fatdcuk Posted April 9, 2019 ID:1307216

8 hours ago, SloppyMcFloppy said:
    What is the reason that it got flagged as PUP?

Hi,

Detection was created for the extension initially as it breached Mozilla privacy criteria and in our opinion that constituted it becoming a Potentially Unwanted Program (PUP).

However, they have since modified/updated their extension (21/02/2019) to comply with Mozilla extension privacy rules, so we will be removing detection for their current Firefox extension.

However, we will remain vigilant and should they relapse then we would relist the offending extension(s) again in the future.

Edited April 9, 2019 by Fatdcuk