Jump to content

Recommended Posts

Hi,
I put them all in RAR file, 11 files since one file is located at two folder so there was no need to make two copies of it, I also added two files (Kelk2K.exe, Kelk2KR.exe) since Malwarebytes classified them as (MachineLearning/Anomalous.100%) and as Kelk developers gives a note to exclude these two files from Antivirus scan rules, thanks

files_detected.rar

Share this post


Link to post
Share on other sites

This should be fixed in about 10 mins.

If still detected on your end after ~10 minutes from now. Perform the following steps: 

  1. Totally exit/shutdown Malwarebytes.
  2. Go to here in explorer: C:\ProgramData\Malwarebytes\MBAMService
  3. Delete the following file only: hubblecache
  4. Then you can restart MBAM and the cache file will rebuild on the next scan.

 

 

Share this post


Link to post
Share on other sites

Hi,
I updated Malwarebytes, and restarted my laptop, and even deleted hubblecache following the steps you had given, and restarted again, and opened Kelk 2013, but Malwarebytes blocked it, message in the attachment.
thanks

kk.png

Share this post


Link to post
Share on other sites

Hi,

Thanks, I had to delete hubblecache one more time, and restore the file from (quarantined), and it seems to be working normally now.

Many thanks

Share this post


Link to post
Share on other sites

Hi,

I manually scanned the application folder and got two files infected with (trojan.malpack.themida):

xu/k2kmath.dll

xu8/hshardll.dll

They were among the files I uploaded yesterday

Share this post


Link to post
Share on other sites

Hi,
It is very strange, I have two computers, one of them shows 2 infections, and the other one shows 10 infections on manual scan, both of them were updated and file (hubblecache) was deleted many times, and machines were restarted several times, the scan log is attached here.
thanks

result.txt

Share this post


Link to post
Share on other sites

These aren't blocked anyway from communicating with us are they? Hubble gets its information from the cloud about whitelisting the files.

Share this post


Link to post
Share on other sites

The best i can say is to add them to your ignore list. Something is blocking your communication to our hubble cloud. We have seen this in the past with modified copies of the hosts file. Either Malware can modify the hosts file or Pirated copies of MBAM sometimes add entries to the hosts file to block license checks.

Share this post


Link to post
Share on other sites

No I don't use pirated copy, and my host file is ok, nothing blocks the communication but internet is very slow, please check the attachments.

Malwarebytes.png

host.png

Share this post


Link to post
Share on other sites

No I don't use pirated copy, and my host file is ok, nothing blocks the communication but internet is very slow, please check the attachments.

Share this post


Link to post
Share on other sites

The best i can say then is to add to the ignore list. From the files you sent originally i verified they are all currently whitelisted in the cloud.

Share this post


Link to post
Share on other sites

You can also pm me the mbamservice.log located in C:\ProgramData\Malwarebytes\MBAMService\logs and i can see what is happening with the detections.

Share this post


Link to post
Share on other sites

I am trying to upload the whole log folder to you through PM, rar file is 3.7 mb which is to big to be uploaded due to slow internet

Share this post


Link to post
Share on other sites

Well if you want search for one of the file names detected in the mbamservice.log. Give me the 5 lines before and after the filename and post it here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.