alghorabaa #1 Posted January 21 Hi, I have been using this program (Kelk 2013) for years without problems, their website is: http://sinasoft.com/kelk.html But after using Malwarebytes I am unable to use it, I scan it and it showed total 12 detection, please check the attachments result.txt Share this post Link to post Share on other sites
shadowwar #2 Posted January 21 can you please zip and attach the files detected here? Thanks! Share this post Link to post Share on other sites
alghorabaa #3 Posted January 21 Hi, I put them all in RAR file, 11 files since one file is located at two folder so there was no need to make two copies of it, I also added two files (Kelk2K.exe, Kelk2KR.exe) since Malwarebytes classified them as (MachineLearning/Anomalous.100%) and as Kelk developers gives a note to exclude these two files from Antivirus scan rules, thanks files_detected.rar Share this post Link to post Share on other sites
shadowwar #4 Posted January 21 This should be fixed in about 10 mins. If still detected on your end after ~10 minutes from now. Perform the following steps: Totally exit/shutdown Malwarebytes. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService Delete the following file only: hubblecache Then you can restart MBAM and the cache file will rebuild on the next scan. Share this post Link to post Share on other sites
alghorabaa #5 Posted January 21 Hi, I updated Malwarebytes, and restarted my laptop, and even deleted hubblecache following the steps you had given, and restarted again, and opened Kelk 2013, but Malwarebytes blocked it, message in the attachment. thanks Share this post Link to post Share on other sites
alghorabaa #6 Posted January 21 Hi, Thanks, I had to delete hubblecache one more time, and restore the file from (quarantined), and it seems to be working normally now. Many thanks Share this post Link to post Share on other sites
alghorabaa #7 Posted January 22 Hi, I manually scanned the application folder and got two files infected with (trojan.malpack.themida): xu/k2kmath.dll xu8/hshardll.dll They were among the files I uploaded yesterday Share this post Link to post Share on other sites
shadowwar #8 Posted January 22 hmm they are showing whitelisted on this end. Can you please post the scan log? Share this post Link to post Share on other sites
alghorabaa #9 Posted January 22 Hi, It is very strange, I have two computers, one of them shows 2 infections, and the other one shows 10 infections on manual scan, both of them were updated and file (hubblecache) was deleted many times, and machines were restarted several times, the scan log is attached here. thanks result.txt Share this post Link to post Share on other sites
shadowwar #10 Posted January 22 These aren't blocked anyway from communicating with us are they? Hubble gets its information from the cloud about whitelisting the files. Share this post Link to post Share on other sites
alghorabaa #11 Posted January 22 apart from that, (Kelk 2013) works without problems, check attachments please. Share this post Link to post Share on other sites
shadowwar #12 Posted January 22 The best i can say is to add them to your ignore list. Something is blocking your communication to our hubble cloud. We have seen this in the past with modified copies of the hosts file. Either Malware can modify the hosts file or Pirated copies of MBAM sometimes add entries to the hosts file to block license checks. Share this post Link to post Share on other sites
alghorabaa #13 Posted January 22 Apart from that, (Kelk 2013) works without problems, check attachments please. Share this post Link to post Share on other sites
alghorabaa #14 Posted January 22 No I don't use pirated copy, and my host file is ok, nothing blocks the communication but internet is very slow, please check the attachments. Share this post Link to post Share on other sites
alghorabaa #15 Posted January 22 No I don't use pirated copy, and my host file is ok, nothing blocks the communication but internet is very slow, please check the attachments. Share this post Link to post Share on other sites
shadowwar #16 Posted January 22 The best i can say then is to add to the ignore list. From the files you sent originally i verified they are all currently whitelisted in the cloud. Share this post Link to post Share on other sites
shadowwar #17 Posted January 22 You can also pm me the mbamservice.log located in C:\ProgramData\Malwarebytes\MBAMService\logs and i can see what is happening with the detections. Share this post Link to post Share on other sites
alghorabaa #18 Posted January 22 I guess it is all because of internet, it is not stable at all due to the cut of the internet undersea cable, the whole country suffers from slow internet, check this link: https://www.wired.com/story/yemen-internet-blackout-undersea-cable/ Share this post Link to post Share on other sites
shadowwar #19 Posted January 22 That could be very well it. The mbamservice.log will show if hubble calls timed out. Share this post Link to post Share on other sites
alghorabaa #20 Posted January 22 I am trying to upload the whole log folder to you through PM, rar file is 3.7 mb which is to big to be uploaded due to slow internet Share this post Link to post Share on other sites
shadowwar #21 Posted January 22 Well if you want search for one of the file names detected in the mbamservice.log. Give me the 5 lines before and after the filename and post it here. Share this post Link to post Share on other sites
alghorabaa #22 Posted January 22 File sent to your pm Share this post Link to post Share on other sites
