MB4 Offline Setup Suspicious Download

  • 3 weeks later...

@gonzo

Hiya Mike:

Despite yesterday's release (and installation) of MBG 2.2.5, my version for Firefox 77.0.1 for macOS Catalina 10.15.5 (19F101) (Supplemental) still sees the off-line MB4 installer download as suspicious while it has not failed for Chrome on my MacBookPro11,3.

HTH

@gatortail

Hello Matt:

47 minutes ago, gatortail said:

If it's still happening could you please download your debug logs from the support page link? 

Yes, the suspicious warning still occurs as reported above. I made another download attempt shortly after noon Pacific (19:01Z) and an MBG debug log request/upload was made directly.

Please let me know if I can assist further.

Pete

  • 8 months later...

I was also looking this up when Kaspersky alerted on a trojan in the download:

Event :	Malicious object detected
User :	FIRETYPE\Growlithe
User type :	Active user
Application name :	IDMan.exe
Application path :	C:\Program Files (x86)\Internet Download Manager
Component :	File Anti-Virus
Result description :	Detected
Type :	Trojan
Name :	HEUR:Trojan.Win32.DllHijacker.gen
Precision :	Partially
Threat level :	High
Object type :	File
Object name :	data0002.res
Object path :	B:\Sandbox\1\user\current\AppData\Roaming\IDM\DwnlData\Growlithe\mb4-setup-consumer-4_955\mb4-setup-consumer-4.exe//
MD5 :	1B077624CAE83D4665C26AE6413DE140
Reason :	Expert analysis
Databases release date :	Today, 28/02/2021 5:36:00 PM

According to Kaspersky, the offending file is data0002.res. VirusTotal also says the same thing from Jiangmin (but nothing from Kaspersky's detection, since mine was heuristic and not signature-based, which is what VirusTotal presumably uses to check uploaded files against...):

[attached screenshot: VirusTotal scan results]

Probably what 1PW's issue is caused by....


Oh, apparently I can't edit my previous post.... Well, I thought I had somehow clicked on a malware-infested site prior to downloading a new copy, which infected the browser, forcing every download to include its trojan variant. So I promptly disconnected from the internet, did a full scan with Kaspersky Internet Security Suite and then Spybot Search and Destroy.... Next up was going to be Malwarebytes (but I don't know if I should click the installer if Kaspersky says it's got a trojan in it), which I tried downloading from a second computer on which I hadn't visited the same sites I did with my previous computer. Need more layers.... can never be too sure... think I'll scan with SuperAntiSpyware next.... and use Sandboxie on this scanned machine more.... Any recommendations on HIPS (besides Spybot, which I already have)? Used to run Online Armor, not sure what happened to them.... 🤔

Anyways, peace! ✌️

  • Solution

Hello to All:

Lest folks might believe I might still be experiencing a very isolated suspicious download issue with Malwarebytes' MB4 offline installer using Firefox w/MBG on macOS, my issues were definitely resolved in mid-2020 (many MBG revisions ago).

As in many previous months, I gladly updated to the latest MBG today and of course I do not predict any issues.

HTH and cheers


Hmmm.... interesting..... I had it download via sandboxed Firefox and that's when Kaspersky deleted the file. On the other computer, same Firefox version but unsandboxed, Kaspersky blocked the download (or tried to... but then promptly deleted the file once the file was fully downloaded). Using a direct link with IDM, Kaspersky doesn't seem to mind..... 🤔 Very peculiar....

Ok, so what's your comment on that Jiangmin scanner that seems to have picked up the same thing as Kaspersky?


There are a lot of scanners out there. Some catch everything (real or imagined), and some catch nothing. As an employee of a company who could be seen as a competitor, it's best not to comment on specific scanners. There are some I trust more than others, and that's as far as I go in that direction. If you are using a version of Firefox that is that old, you're asking for trouble.

On 3/5/2021 at 1:44 AM, gonzo said:

There are a lot of scanners out there. Some catch everything (real or imagined), and some catch nothing. As an employee of a company who could be seen as a competitor, it's best not to comment on specific scanners. There are some I trust more than others, and that's as far as I go in that direction. If you are using a version of Firefox that is that old, you're asking for trouble.

You can't comment even as an individual rather than as an employee?

Yeah well.... the addons I use don't work on the newer Firefox version since they changed the Gecko engine to Quantum and touted (if I remember) that the old addons would work if ported to use the Quantum engine; well, some did and some didn't.... The ones that didn't were because they require something that is now restricted or limited in the Quantum version, so it's impossible to port over.... and the others, well, the authors have abandoned them....

  • 7 months later...
4 hours ago, ZarokNion said:

I just tried to download the Malwarebytes offline installer and Kaspersky antivirus jumped me saying it was a virus.
here it is more detailed:
Event: A malicious object was detected.
User: DESKTOP-RHJ5VQ4\ZarokNion
User type: Active user
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application.
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Win32.DllHijacker.gen
Accuracy: Partial
Threat level: High
Object type: File
Object Name: data0002.res

Object Patch:C:\Users\ZarokNion\Downloads\Unconfirmed 689164.crdownload

MD5: 80C2B6D87BE50EAA288C2981A85BA3E5
Reason: Expert analysis
Databases Release Date: Today, 10/20/2021 05:11:00 p. m.

Hah, I remember this from when I first got this! But you used Chrome instead of Firefox as I did, and I even used Sandboxie too as an extra layer! Looks like it's not an isolated issue after all, since I'm not the only one who has had it happen to them. Anyways, it looks like Kaspersky hasn't fixed their whitelist yet, or they whitelist by hash and your MD5 hash is different to mine, which means they'll need to add the new hash to their whitelist....

I don't believe I got told what was causing their scanner to pick it up as a trojan....just got told "fake positive, deal with it."

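The two Kaspersky records pasted in this thread are the raw material a support or SOC analyst would triage, and they differ in small ways (tab-separated labels vs. "Key: Value", "Precision" vs. "Accuracy", "Object Patch" instead of "Object path", a trailing "//" on one object path). The following parser is an added example, not code from the thread or from Kaspersky or Malwarebytes: it normalises both records into one structure, flags the HEUR: prefix that marks a heuristic rather than signature verdict (the distinction raised in the earlier post about VirusTotal), and compares two reports so a repeat false-positive report can be checked for the same verdict, same inner object and differing file hash. The label aliases and the reading of "//" as Kaspersky's container/member separator are inferred from the posted records and are assumptions; the sample records are copies of the two posted above, with the user and date fields dropped.

```python
"""Parse Kaspersky 'Malicious object detected' reports as pasted into forum posts.

Added example for this thread (not the forum's, Kaspersky's or Malwarebytes' code).
"""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed copies of the two detection records posted in this thread.
# The first uses "Key :<tab>Value", the second "Key: Value"; the field labels
# also differ between the two Kaspersky versions (Precision vs Accuracy).
REPORT_2021_02 = """\
Event :\tMalicious object detected
Application name :\tIDMan.exe
Component :\tFile Anti-Virus
Result description :\tDetected
Type :\tTrojan
Name :\tHEUR:Trojan.Win32.DllHijacker.gen
Precision :\tPartially
Threat level :\tHigh
Object type :\tFile
Object name :\tdata0002.res
Object path :\tB:\\Sandbox\\1\\user\\current\\AppData\\Roaming\\IDM\\DwnlData\\Growlithe\\mb4-setup-consumer-4_955\\mb4-setup-consumer-4.exe//
MD5 :\t1B077624CAE83D4665C26AE6413DE140
Reason :\tExpert analysis
"""

REPORT_2021_10 = """\
Event: A malicious object was detected.
Application name: chrome.exe
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.Win32.DllHijacker.gen
Accuracy: Partial
Threat level: High
Object type: File
Object Name: data0002.res
Object Patch:C:\\Users\\ZarokNion\\Downloads\\Unconfirmed 689164.crdownload
MD5: 80C2B6D87BE50EAA288C2981A85BA3E5
Reason: Expert analysis
"""

# Map the label variants seen in the two posts onto one canonical key (assumption:
# these are the same fields, just renamed/mistyped between versions).
_ALIASES = {
    "accuracy": "precision",
    "object patch": "object path",
}

# "Key : Value" or "Key:Value"; the key is everything before the first colon,
# so values containing colons (drive letters, timestamps) survive intact.
_LINE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<val>.*?)\s*$")


def parse_report(text: str) -> Dict[str, str]:
    """Turn a pasted report into {canonical_lowercase_key: value}."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        key = " ".join(m.group("key").lower().split())
        fields[_ALIASES.get(key, key)] = m.group("val")
    return fields


@dataclass
class Detection:
    name: str
    is_heuristic: bool        # "HEUR:" prefix = generic/heuristic verdict, not a signature
    md5: str                  # lower-cased so reports can be compared
    object_name: str
    container: Optional[str]  # file the object was found inside, when the path shows one
    application: str          # process that wrote the file (browser, download manager)


def summarize(fields: Dict[str, str]) -> Detection:
    """Extract the triage-relevant attributes from a parsed report."""
    name = fields.get("name", "")
    path = fields.get("object path", "")
    # Assumption: "<container>//<member>" is Kaspersky's notation for an object
    # inside an archive or installer; the trailing "//" in the first record
    # therefore marks data0002.res as living inside the .exe.
    container = path[:-2] if path.endswith("//") else None
    return Detection(
        name=name,
        is_heuristic=name.upper().startswith("HEUR:"),
        md5=fields.get("md5", "").lower(),
        object_name=fields.get("object name", ""),
        container=container,
        application=fields.get("application name", ""),
    )


def compare(a: Detection, b: Detection) -> Dict[str, bool]:
    """Which attributes two reports share; a repeat FP report typically shows the
    same verdict and inner object but a different hash of the downloaded file."""
    return {
        "same_verdict": a.name == b.name,
        "same_object": a.object_name == b.object_name,
        "same_md5": a.md5 == b.md5,
        "both_heuristic": a.is_heuristic and b.is_heuristic,
    }


if __name__ == "__main__":
    first = summarize(parse_report(REPORT_2021_02))
    second = summarize(parse_report(REPORT_2021_10))
    print(first)
    print(second)
    print(compare(first, second))
```

Running the block prints both normalised detections and the comparison; the two posted records agree on verdict and inner object name but carry different MD5 values, which is the observation the post above makes by eye.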
