MBAM ransomware false positive?!


TheOldOne

Hi,

I have an old game file that was detected as ransomware and I think it's a false positive.

The main issue is that now I CANNOT access the file anymore. MBAM "quarantined" the file but not, so it's not in the quarantine, and the best part is that I cannot access the file. MBAM took ownership of the file (I think) and I can't do anything with it..... I wanted to upload the file to VirusTotal to see if it really has some issues, but because the file owner is unknown/system/whoknows and administrator can't access the file (nor can I take ownership of the file in any way, nor can I add myself as a co, part or any access to the file. I tried takeown in command prompt, and right-click Properties > Security too; nothing works.)

So it's not anywhere in MBAM either, sadly :(

In previous detections I can see that there is a log that it got detected and quarantined, but the quarantine is empty...

This is the detection log (it was in my native language, so I took the liberty of translating it to English, so sorry if there are a few mistakes :)):

Malwarebytes
www.malwarebytes.com

-Log-
Detection date: 2020. 04. 14.
Detection time: 23:27
Log file: b8827562-7e96-11ea-8322-dc5360bb7622.json

-Software data-
Version 4.1.0.56
Detection version: 1.0.867
Update version: 1.0.22250
License: Trial

-System info-
Operation system: Windows 8.1
Processor: x64
Filesystem: NTFS
User: System

-Ransomware details-
File: 1
Malware.Ransom.Agent.Generic, E:\P\P\Navi.exe, Blocked, 0, 392685, 0.0.0


(end)

So big question :) How do I get ownership back on the file so that I could upload it here and/or to VirusTotal to check if it's OK or not :)

Thank you very much in advance.

TOO

P.S.: Where can I find that JSON file, btw :)))

Found the .json file and the hash:

https://www.virustotal.com/gui/file/36272495ea03ea81fc5c02d415a1aea06704f32fc2c8217f34700cbe52952103/detection

So it's a false positive, at least I think it is. :) Could I get my file back somehow, please :) Not that I need it that urgently (or at all, I have a backup etc... but .....:)) but it would be nice to know how to get it back :) You know, I'm more curious than concerned.... Or did I stumble on a new ransomware????? I think not, but let me know :)
