weex123

Google Updater File Marked As Ransomware


Can you please delete the duplicate, admin? It seems that the Malwarebytes forum was giving errors when submitting the topic, but it was already submitted :)


I also wanted to come here and say that this was flagged by MB as well.

It's in the same exact location you listed.

Flagged as "Ransom.Crysis"


Steady stream of clients on my network reporting identical file.


Sorry for the inconvenience everyone. An update is going out now to address this false positive.


Fixed in:

MBAM2 Version: v2019.04.28.01
MBAM3 Version: 1.0.10370


Can I please check what I should do for clarification?

My scan I did overnight has found this too and I immediately quarantined it.

I am using Malwarebytes version 3.7.1 (attached is the screenshot)

Capture.JPG


You can select the quarantined option on the left, they will display, check mark the one you want to restore.

Myself, I had just run an image of complete system and just did a single file restore. Maybe I shouldn't have done it that way, but I did. When I did the quarantine, it required a restart. Not sure why Malwarebytes wants a person to do a restart just to move a file to a folder called quarantined, perhaps they did more that my single file restore wouldn't have caught. Using the restore from Malwarebytes would be easiest for you.


At first I restored from within Malwarebytes, but when it restored it put the file name in as all caps, and I wondered why. It doesn't matter, but red flags went up that anything at all was changed while in quarantine. I don't know the process of their quarantine process as it also required a reboot. My guess is they put it in a hidden directory and change the name, but display the name as it was when quarantined? Then if you want it restored, they put it back with the original name. Since I didn't understand how it was handled and since the name was modified (even though it didn't hurt or affect anything), I went with my restore of a file from an image only a few hours old.


Don't see an edit, but should add with new update it didn't report it as a problem, also Webroot didn't report a problem. 


What I ended up doing was deleting the file and then restoring it with the link provided above with the same file name as before. I then re-scanned and no error was picked up this time by Malwarebytes either. I also scanned the file itself with Malwarebytes just to be on the safe side and no issue was detected.

Thanks for your help.


Also a note, this is an update file used by a Slovenian Google Chrome. So if you are not using Slovenian language based Chrome, you will be fine with deleting the file, no need to restore :)


Great thank you :)

I just put the file back just to be on the safe side as I was wary of deleting it. There are other language files in that folder that I don't use but just worried about deleting them and then worrying if something goes wrong.


So how do we address this in Malwarebytes Endpoint Protection cloud console? I don't see any way to update a database?
