1PW (Author), posted May 20, 2020 (edited):
The above issue seems to have sustained using Apple's macOS 10.15.4 (19E287) Catalina, Firefox 76.0.1 (64-bit) for Mac, and today's MBG 2.2.3 extension update.
https://downloads.malwarebytes.com/file/mb4_offline
1PW (Author), posted May 20, 2020:
Hello Team: MBG 2.2.4 has resolved the issue above. Thank you as always.
1PW (Author), posted June 8, 2020 (edited):
https://data-cdn.mbamupdates.com/web/mb4-setup-consumer/offline/mb4-setup-consumer-4.1.0.167-1.0.931-1.0.25008.exe
gonzo, posted June 8, 2020:
Working fine here in Firefox and Chrome on Windows.
1PW (Author), posted June 9, 2020:
@gonzo Hiya Mike: Despite yesterday's release (and installation) of MBG 2.2.5, my version for Firefox 77.0.1 for macOS Catalina 10.15.5 (19F101) (Supplemental) still sees the off-line MB4 installer download as suspicious while it has not failed for Chrome on my MacBookPro11,3. HTH
Porthos, posted June 9, 2020:
Always something weird on macOS that we do not see on Windows.
gatortail (Staff), posted June 9, 2020:
@1PW We are unable to replicate this on Macs here. If it's still happening, could you please download your debug logs from the support page link?
1PW (Author), posted June 9, 2020:
@gatortail Hello Matt:
47 minutes ago, gatortail said: "If it's still happening could you please download your debug logs from the support page link?"
Yes, the suspicious warning still occurs as reported above. I made another download attempt shortly after noon Pacific (19:01Z) and a MBG debug log request/upload was made directly. Please let me know if I can assist further.
Pete
1PW (Author), posted June 9, 2020:
The debug logs were zipped & PM'd as requested. Good luck to all and be safe.
gatortail (Staff), posted June 10, 2020:
It appears that you have your own local HTML file with a link to download mbam. The local HTML file is referring to the download link and that site isn't whitelisted so it gets blocked. Chrome isn't passing the referrer so it works but Firefox does. Please try whitelisting your local file.
1PW (Author), posted June 10, 2020:
Hello Matt: Whitelisting the generic mb4_offline URL (from my post #1) as malware allows the current redirected URL to successfully download its executable file. Will that be the final solution?
Pete
gatortail (Staff), posted June 10, 2020:
Hi Pete, Yes, or use the offline installer link directly.
Best, Matt
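gatortail's referrer explanation and the two fixes discussed above, modelled as an added example (not part of the thread and not Malwarebytes Browser Guard code). The decision rule, the function names and the local file path are assumptions built only from what the posts state.

```javascript
// Toy model of the behaviour described in the thread; not Malwarebytes Browser Guard code.
// The decision rule, function names and LOCAL_PAGE are assumptions made for illustration.

// True when the URL itself, or its hostname, is on the user's allowlist.
function isTrusted(rawUrl, allowlist) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return false; // unparsable values are never trusted
  }
  return allowlist.has(u.href) || (u.hostname !== "" && allowlist.has(u.hostname));
}

// Flag a download only when a referring page is visible and neither that page
// nor the download target has been allowlisted by the user.
function classifyDownload({ url, referrer }, allowlist) {
  if (!referrer) return "allow"; // no referrer passed: nothing to evaluate
  if (isTrusted(referrer, allowlist)) return "allow";
  if (isTrusted(url, allowlist)) return "allow";
  return "suspicious";
}

const DOWNLOAD = "https://downloads.malwarebytes.com/file/mb4_offline"; // link from the first post
const LOCAL_PAGE = "file:///Users/example/links.html"; // constructed path for the local HTML file

function runScenarios() {
  const viaLocalPage = { url: DOWNLOAD, referrer: LOCAL_PAGE };
  return {
    // Browser passes the local page as referrer, nothing allowlisted.
    referrerPassed: classifyDownload(viaLocalPage, new Set()),
    // Browser passes no referrer for the same click.
    referrerOmitted: classifyDownload({ url: DOWNLOAD, referrer: null }, new Set()),
    // Fix 1 from the thread: allowlist the local file.
    localFileAllowlisted: classifyDownload(viaLocalPage, new Set([LOCAL_PAGE])),
    // Fix 2 from the thread: allowlist the mb4_offline URL.
    downloadAllowlisted: classifyDownload(viaLocalPage, new Set([DOWNLOAD])),
  };
}

console.log(runScenarios());
```

In this model the verdict differs between browsers only because one request carries a referrer and the other does not, which is why either allowlist entry makes the two behave the same.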
Collector, posted February 28, 2021:
Was also looking up this when Kaspersky alerted a trojan in the download:
Event : Malicious object detected
User : FIRETYPE\Growlithe
User type : Active user
Application name : IDMan.exe
Application path : C:\Program Files (x86)\Internet Download Manager
Component : File Anti-Virus
Result description : Detected
Type : Trojan
Name : HEUR:Trojan.Win32.DllHijacker.gen
Precision : Partially
Threat level : High
Object type : File
Object name : data0002.res
Object path : B:\Sandbox\1\user\current\AppData\Roaming\IDM\DwnlData\Growlithe\mb4-setup-consumer-4_955\mb4-setup-consumer-4.exe//
MD5 : 1B077624CAE83D4665C26AE6413DE140
Reason : Expert analysis
Databases release date : Today, 28/02/2021 5:36:00 PM
According to Kaspersky, it reckons the offending file is data0002.res. Virustotal also says the same thing from Jiangmin (but nothing from Kaspersky's detection, since mine was heuristics and not signature based which is what virustotal presumably uses to check uploaded files against...):
Probably what 1PW's issue is caused by....
Collector, posted February 28, 2021:
Oh apparently I can't edit my previous post.... Well I thought I had somehow clicked on a malware infested site prior to downloading a new copy which infected the browser forcing every download to include its trojan variant. So I promptly disconnected from the internet, did a full scan with Kaspersky Internet Security Suite and then Spybot Search and Destroy....next up was gonna be Malwarebytes (but dunno if I should click the installer if Kaspersky says it's got a trojan in it) which I tried downloading from a second computer that I hadn't visited the same sites I did with my previous computer. Need more layers....can never be too sure...think I'll scan with SuperAntiSpyware next....and use sandboxie on this scanned machine more....any recommendations on HIPs (besides Spybot which I already have)? Used to run Online Armor, not sure what happened to them....🤔 Anyways, peace! ✌️
gonzo, posted March 1, 2021:
You never mentioned where you were attempting to download FROM. Malwarebytes would be a great program to infect, knowing that people would use it to avoid infection.
1PW (Author), posted March 1, 2021 (marked as Solution):
Hello to All: Lest folks might believe I might still be experiencing a very isolated suspicious download issue with Malwarebytes' MB4 offline installer using Firefox w/MBG on macOS, my issues were definitely resolved in mid-2020 (many MBG revisions ago). As in many previous months, I gladly updated to the latest MBG today and of course I do not predict any issues. HTH and cheers
gonzo, posted March 1, 2021:
I just answered here because I have no clue where to properly move the add-on portion of the thread until I have enough data to work with.
Collector, posted March 3, 2021:
On 3/2/2021 at 12:36 AM, gonzo said: "You never mentioned where you were attempting to download FROM. Malwarebytes would be a great program to infect, knowing that people would use it to avoid infection."
Here redirected from here. 😁
gonzo, posted March 3, 2021:
No problem noted with either link, using both Firefox and Chrome.
Collector, posted March 4, 2021:
Hmmm....interesting.....had it download via sandboxed Firefox and that's when Kaspersky deleted the file. On the other computer, same Firefox version but unsandboxied and Kaspersky blocked the download (or tried to...but then promptly deleted the file once the file was fully downloaded). Using direct link with IDM, Kaspersky doesn't seem to mind.....🤔 Very peculiar.... Ok, so what's your comment on that Jiangmin scanner that seems to have picked up the same thing as Kaspersky?
Collector, posted March 4, 2021:
Maybe could be I am using Firefox 52.9 ESR which is way out of date and somehow got a man in the middle attack that slipstreamed some malware as the file is slowly streamed over the net and downloaded....?
Collector, posted March 4, 2021:
through some unpatched exploit that is, that is most likely patched in the newer version of Firefox
AH yes...the antispam mechanism....waiting one minute per post......and with no edit button to bypass this wait....
gonzo, posted March 4, 2021:
There are a lot of scanners out there. Some catch everything (real or imagined), and some catch nothing. As an employee of a company who could be seen as a competitor, it's best not to comment on specific scanners. There are some I trust more than others, and that's as far as I go in that direction. If you are using a version of Firefox that is that old, you're asking for trouble.
Collector, posted March 6, 2021:
On 3/5/2021 at 1:44 AM, gonzo said: "There are a lot of scanners out there. Some catch everything (real or imagined), and some catch nothing. As an employee of a company who could be seen as a competitor, it's best not to comment on specific scanners. There are some I trust more than others, and that's as far as I go in that direction. If you are using a version of Firefox that is that old, you're asking for trouble."
You can't comment even as an individual rather than as an employee? Yeah well....the addons I use don't work on the newer Firefox version since they changed the gecko engine to quantum and touted (if I remember) that the old addons will work if ported to use the quantum engine; well some did and some didn't....the ones that didn't was because they require something that is now restricted or limited in the quantum version so it's impossible to port over....and the others, well the authors have abandoned them....
Collector, posted October 21, 2021:
4 hours ago, ZarokNion said: "I just tried to download the malwarebytes offline installer and kaspersky antivirus jumped me saying it was a virus. here it is more detailed:"
Event: A malicious object was detected.
User: DESKTOP-RHJ5VQ4\ZarokNion
User type: Active user
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application.
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Win32.DllHijacker.gen
Accuracy: Partial
Threat level: High
Object type: File
Object Name: data0002.res
Object Patch:C:\Users\ZarokNion\Downloads\Unconfirmed 689164.crdownload
MD5: 80C2B6D87BE50EAA288C2981A85BA3E5
Reason: Expert analysis
Databases Release Date: Today, 10/20/2021 05:11:00 p. m.

Hah, I remember this from when I first got this! But you used Chrome instead of Firefox that I did and I even used sandboxie too as an extra layer! Looks like it's not an isolated issue after all since I'm not the only one who had it happen to. Anyways, it looks like Kaspersky hasn't fixed their whitelist yet or they whitelist by hash and your MD5 hash is different to mine which means they'll need to add in the new hash to their whitelist.... I don't believe I got told what was causing their scanner to pick it up as a trojan....just got told "fake positive, deal with it."