Jump to content

Malwarebytes didn't detect virus


Recommended Posts

I don't think Malwarebytes detected this virus. It got detected by about half of the engines on virustotal, but not by MBAM.

Here is the result from virustotal: https://www.virustotal.com/gui/file/559f591c811135028bdcb36ff5dd87a7b25abf4b35e1038151cd2efd48263bf5/detection

This probably isn't the right place to post this, but i don't know where else to.

Thanks.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

Hello,
The reason is that this malware was or is too old. Or the kind of malware that does not fit into the update policy of Malwarebytes Antimalware. Malware examples may not be older than 3 months.
 

Well, look

 https://www.virustotal.com/gui/file/559f591c811135028bdcb36ff5dd87a7b25abf4b35e1038151cd2efd48263bf5/details its to olld....

MAM

 

Link to post
Share on other sites

It is also possible that just the specific Malware Protection/scan engine component didn't detect it but that one of the other modules which are more heuristics and behavior based might since VT only uses the scan engine to check files.  The Malware Protection/scan engine component actually makes up a very small part of what Malwarebytes Premium uses to detect threats and prevent infections.  It is a layered solution with many different methods to stop attacks and you can learn more about how Malwarebytes works by reviewing the information on this page.

In this particular case, since the file in question is a DLL, it can't self-execute (it would have to be an executable file such as an EXE, COM, SCR or other executable file format to do that) so it is probably designed to try and inject itself into another process or to be loaded by another piece of executable malware; behaviors which Malwarebytes should detect via other means such as Exploit Protection.

Link to post
Share on other sites

Does anybody know what it actually does/how it works?  I'm curious just because I still suspect that one of Malwarebytes' other components might actually detect this threat when it is actively attempting to infect a system (we'd likely need a dropper for it rather than just a DLL, as malware seldom shows up as just a single DLL file and usually starts with some kind of script/exploit or executable file to install/initiate).

Link to post
Share on other sites

9 hours ago, MAM said:
Hello,
The reason is that this malware was or is too old. Or the kind of malware that does not fit into the update policy of Malwarebytes Antimalware. Malware examples may not be older than 3 months.
 

Well, look

https://www.virustotal.com/gui/file/559f591c811135028bdcb36ff5dd87a7b25abf4b35e1038151cd2efd48263bf5/details its to olld....

MAM

 

8 hours ago, exile360 said:

It is also possible that just the specific Malware Protection/scan engine component didn't detect it but that one of the other modules which are more heuristics and behavior based might since VT only uses the scan engine to check files.  The Malware Protection/scan engine component actually makes up a very small part of what Malwarebytes Premium uses to detect threats and prevent infections.  It is a layered solution with many different methods to stop attacks and you can learn more about how Malwarebytes works by reviewing the information on this page.

In this particular case, since the file in question is a DLL, it can't self-execute (it would have to be an executable file such as an EXE, COM, SCR or other executable file format to do that) so it is probably designed to try and inject itself into another process or to be loaded by another piece of executable malware; behaviors which Malwarebytes should detect via other means such as Exploit Protection.

7 hours ago, David H. Lipman said:

Besides being known to Virus Total since 2013, and thus too old for Malwarebytes signature creation, it is a trojan and not a virus.

 

 

Fair enough. I'm not really too good with viruses and stuff.

Some further information, i found that in a shady pirated game when trying to install it.(this specifically

https://thepiratebay.org/torrent/8835063/Splinter.Cell.Blacklist-RELOADED.

  This equally shady website says what it does:

https://www.solvusoft.com/en/files/missing-not-found-error/dll/windows/ubisoft/uplay/uplay-r1-dll/

 

 

 

 

Edited by AdvancedSetup
Removed live hyperlinks
Link to post
Share on other sites

Please avoid such shady sites.  The site that supposedly indicates what the DLL is, is not about the information.  It about pushing crapware.  It is using the name of the DLL as its ploy to goad one into the crapware installation.

https://www.virustotal.com/gui/file/b1d4caaf30643bd13f61b790c8a51003d996ee82171d2ee649b7accf7cdd31f0/detection

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.