MB4 Offline Setup Suspicious Download


1PW
Solved by 1PW

  • 3 weeks later...

@gonzo

Hiya Mike:

Despite yesterday's release (and installation) of MBG 2.2.5, my version for Firefox 77.0.1 for macOS Catalina 10.15.5 (19F101) (Supplemental) still sees the off-line MB4 installer download as suspicious while it has not failed for Chrome on my MacBookPro11,3.

HTH


@gatortail

Hello Matt:

47 minutes ago, gatortail said:

If it's still happening could you please download your debug logs from the support page link? 

Yes, the suspicious warning still occurs as reported above.  I made another download attempt shortly after noon Pacific (19:01Z) and a MBG debug log request/upload was made directly.

Please let me know if I can assist further.

Pete

  • 8 months later...

Was also looking up this when Kaspersky alerted a trojan in the download:

Event :	Malicious object detected
User :	FIRETYPE\Growlithe
User type :	Active user
Application name :	IDMan.exe
Application path :	C:\Program Files (x86)\Internet Download Manager
Component :	File Anti-Virus
Result description :	Detected
Type :	Trojan
Name :	HEUR:Trojan.Win32.DllHijacker.gen
Precision :	Partially
Threat level :	High
Object type :	File
Object name :	data0002.res
Object path :	B:\Sandbox\1\user\current\AppData\Roaming\IDM\DwnlData\Growlithe\mb4-setup-consumer-4_955\mb4-setup-consumer-4.exe//
MD5 :	1B077624CAE83D4665C26AE6413DE140
Reason :	Expert analysis
Databases release date :	Today, 28/02/2021 5:36:00 PM

According to Kaspersky, it reckons the offending file is data0002.res.  VirusTotal also says the same thing from Jiangmin (but nothing from Kaspersky's detection, since mine was heuristics and not signature based which is what VirusTotal presumably uses to check uploaded files against...):

[Attached screenshot: 444.PNG]

Probably what 1PW's issue is caused by....


Oh apparently I can't edit my previous post.... Well I thought I had somehow clicked on a malware infested site prior to downloading a new copy which infected the browser forcing every download to include its trojan variant. So I promptly disconnected from the internet, did a full scan with Kaspersky Internet Security Suite and then Spybot Search and Destroy....next up was gonna be Malwarebytes (but dunno if I should click the installer if Kaspersky says it's got a trojan in it) which I tried downloading from a second computer that I hadn't visited the same sites I did with my previous computer. Need more layers....can never be too sure...think I'll scan with SuperAntiSpyware next....and use Sandboxie on this scanned machine more....any recommendations on HIPS (besides Spybot which I already have)? Used to run Online Armor, not sure what happened to them....🤔

Anyways, peace! ✌️

  • Staff

You never mentioned where you were attempting to download FROM.  Malwarebytes would be a great program to infect, knowing that people would use it to avoid infection. 

  • Solution

Hello to All:

Lest folks might believe I might still be experiencing a very isolated suspicious download issue with Malwarebytes' MB4 offline installer using Firefox w/MBG on macOS, my issues were definitely resolved in mid-2020 (many MBG revisions ago).

As in many previous months, I gladly updated to the latest MBG today and of course I do not predict any issues.

HTH and cheers

  • Staff

I just answered here because I have no clue where to properly move the add-on portion of the thread until I have enough data to work with.


Hmmm....interesting.....had it download via sandboxed Firefox and that's when Kaspersky deleted the file. On the other computer, same Firefox version but unsandboxed and Kaspersky blocked the download (or tried to...but then promptly deleted the file once the file was fully downloaded). Using direct link with IDM, Kaspersky doesn't seem to mind.....🤔 Very peculiar....

Ok, so what's your comment on that Jiangmin scanner that seems to have picked up the same thing as Kaspersky?

  • Staff

There are a lot of scanners out there.  Some catch everything (real or imagined), and some catch nothing.  As an employee of a company who could be seen as a competitor, it's best not to comment on specific scanners.  There are some I trust more than others, and that's as far as I go in that direction.  If you are using a version of Firefox that is that old, you're asking for trouble.

On 3/5/2021 at 1:44 AM, gonzo said:

There are a lot of scanners out there.  Some catch everything (real or imagined), and some catch nothing.  As an employee of a company who could be seen as a competitor, it's best not to comment on specific scanners.  There are some I trust more than others, and that's as far as I go in that direction.  If you are using a version of Firefox that is that old, you're asking for trouble.

You can't comment even as an individual rather than as an employee?

Yeah well....the addons I use don't work on the newer Firefox version since they changed the Gecko engine to Quantum and touted (if I remember) that the old addons will work if ported to use the Quantum engine; well some did and some didn't....the ones that didn't were because they require something that is now restricted or limited in the Quantum version so it's impossible to port over....and the others, well the authors have abandoned them....
