
Paladins.exe (64-bit) might be a False Positive


Clawcutter547


I'm not sure how it happened, but during an update to the Steam game Paladins today my copy of Malwarebytes flagged the game as Ransomware. I'm not sure if it is a False Positive or not, so I thought I would post the report my protection got and give it here so people smarter than me can look over it.

 

-Log Details-
Protection Event Date: 9/12/19
Protection Event Time: 2:04 PM
Log File: 5749b806-d512-11e9-a4bc-d8c4978e5850.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12427
License: Premium

-System Information-
OS: Windows 10 (Build 17763.678)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Steam\steamapps\common\Paladins\Binaries\Win64\Paladins.exe, Quarantined, [0], [392685],0.0.0


(end)


  • Staff

Hi,

Please unquarantine the file, then reboot, and zip and attach this exact file that was quarantined.

Also, I suggest you add an exclusion (after reboot and unquarantine) for this file.

 

 

* To add the exclusion, open Malwarebytes > Settings > Exclusions tab

* Below, click the button: "Add Exclusion"

* Then, select "Exclude a File or Folder" (this should be prechecked already by default)

* Click Next

* You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude.

* For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already)

* Then click the OK button below.

Thanks!


  • 4 weeks later...

I'm having a very similar issue after a Paladins update today. However, I can't find the quarantined file when I look for it. Malwarebytes shows this as the path to the quarantined file:

D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win64\Paladins.exe

However, when I go to that path, there is no "paladins.exe" file. In that Win64 sub-folder, there's only a paladinsEAC.exe file.

The only paladins.exe file I have on my entire computer is in the Win32 sub-folder:

D:\SteamLibrary\steamapps\common\Paladins\Binaries\Win32\Paladins.exe

I tried excluding both EXE files mentioned above, but that didn't work.

Thoughts?


  • Staff

Hi,

The reason you can't exclude it or find it is that it's still in your quarantine.

So you have to unquarantine it first (select and click restore) and then reboot.

After reboot, you will be able to create an exclusion for it.

 

* To add the exclusion, open Malwarebytes > Settings > Exclusions tab

* Below, click the button: "Add Exclusion"

* Then, select "Exclude a File or Folder" (this should be prechecked already by default)

* Click Next

* You'll see a field that says: "Specify a File or Folder" - there, click the button "Select Files..." and browse to the file you want to exclude.

* For "How to Exclude", select: "Exclude from detection as malware, ransomware or potentially unwanted item" (this is normally also selected by default already)

* Then click the OK button below.

Once you've done the above, can you also zip and attach this exact Paladins file? This is so I can have a look at it, to see if something changed.

Thanks!
