alghorabaa Posted January 21, 2020 ID:1357470 Share Posted January 21, 2020 Hi, I have been using this program (Kelk 2013) for years without problems, their website is: http://sinasoft.com/kelk.html But after using Malwarebytes I am unable to use it, I scan it and it showed total 12 detection, please check the attachments result.txt Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 21, 2020 Staff ID:1357472 Share Posted January 21, 2020 can you please zip and attach the files detected here? Thanks! Link to post Share on other sites More sharing options...
alghorabaa Posted January 21, 2020 Author ID:1357484 Share Posted January 21, 2020 Hi, I put them all in RAR file, 11 files since one file is located at two folder so there was no need to make two copies of it, I also added two files (Kelk2K.exe, Kelk2KR.exe) since Malwarebytes classified them as (MachineLearning/Anomalous.100%) and as Kelk developers gives a note to exclude these two files from Antivirus scan rules, thanks files_detected.rar Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 21, 2020 Staff ID:1357500 Share Posted January 21, 2020 This should be fixed in about 10 mins. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. Link to post Share on other sites More sharing options...
alghorabaa Posted January 21, 2020 Author ID:1357570 Share Posted January 21, 2020 Hi, I updated Malwarebytes, and restarted my laptop, and even deleted hubblecache following the steps you had given, and restarted again, and opened Kelk 2013, but Malwarebytes blocked it, message in the attachment. thanks Link to post Share on other sites More sharing options...
alghorabaa Posted January 21, 2020 Author ID:1357576 Share Posted January 21, 2020 Hi, Thanks, I had to delete hubblecache one more time, and restore the file from (quarantined), and it seems to be working normally now. Many thanks Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357694 Share Posted January 22, 2020 Hi, I manually scanned the application folder and got two files infected with (trojan.malpack.themida): xu/k2kmath.dll xu8/hshardll.dll They were among the files I uploaded yesterday Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357712 Share Posted January 22, 2020 hmm they are showing whitelisted on this end. Can you please post the scan log? Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357723 Share Posted January 22, 2020 Hi, It is very strange, I have two computers, one of them shows 2 infections, and the other one shows 10 infections on manual scan, both of them were updated and file (hubblecache) was deleted many times, and machines were restarted several times, the scan log is attached here. thanks result.txt Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357724 Share Posted January 22, 2020 These aren't blocked anyway from communicating with us are they? Hubble gets its information from the cloud about whitelisting the files. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357725 Share Posted January 22, 2020 apart from that, (Kelk 2013) works without problems, check attachments please. Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357728 Share Posted January 22, 2020 The best i can say is to add them to your ignore list. Something is blocking your communication to our hubble cloud. We have seen this in the past with modified copies of the hosts file. Either Malware can modify the hosts file or Pirated copies of MBAM sometimes add entries to the hosts file to block license checks. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357730 Share Posted January 22, 2020 Apart from that, (Kelk 2013) works without problems, check attachments please. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357735 Share Posted January 22, 2020 No I don't use pirated copy, and my host file is ok, nothing blocks the communication but internet is very slow, please check the attachments. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357740 Share Posted January 22, 2020 No I don't use pirated copy, and my host file is ok, nothing blocks the communication but internet is very slow, please check the attachments. Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357741 Share Posted January 22, 2020 The best i can say then is to add to the ignore list. From the files you sent originally i verified they are all currently whitelisted in the cloud. Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357743 Share Posted January 22, 2020 You can also pm me the mbamservice.log located in C:\ProgramData\Malwarebytes\MBAMService\logs and i can see what is happening with the detections. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357744 Share Posted January 22, 2020 I guess it is all because of internet, it is not stable at all due to the cut of the internet undersea cable, the whole country suffers from slow internet, check this link: https://www.wired.com/story/yemen-internet-blackout-undersea-cable/ Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357751 Share Posted January 22, 2020 That could be very well it. The mbamservice.log will show if hubble calls timed out. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357753 Share Posted January 22, 2020 I am trying to upload the whole log folder to you through PM, rar file is 3.7 mb which is to big to be uploaded due to slow internet Link to post Share on other sites More sharing options...
Staff shadowwar Posted January 22, 2020 Staff ID:1357756 Share Posted January 22, 2020 Well if you want search for one of the file names detected in the mbamservice.log. Give me the 5 lines before and after the filename and post it here. Link to post Share on other sites More sharing options...
alghorabaa Posted January 22, 2020 Author ID:1357759 Share Posted January 22, 2020 File sent to your pm Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now