MBAM ransomware false positive?!


Hi,

I have an old game file that was detected as ransomware and I think it's a false positive.

The main issue is that now I CANNOT access the file anymore. MBAM "quarantined" the file but not, so it's not in the quarantine, and the best part is that I cannot access the file. MBAM took ownership of the file (I think) and I can't do anything with it..... I wanted to upload the file to VirusTotal to see if it really has some issues, but because the file owner is unknown/system/whoknows and administrator can't access the file (nor can I take ownership of the file in any way, nor can I add myself as a co, part or any access to the file. I tried takeown in command prompt, and right click, properties, security too; nothing works.)

So it's not anywhere in MBAM either, sadly :(

In previous detections I can see that there is a log that it got detected and quarantined, but the quarantine is empty...

This is the detection log (it was in my native language, so I took the liberty of translating it to English; sorry if there are a few mistakes :)):

Malwarebytes
www.malwarebytes.com

-Log-
Detection date: 2020. 04. 14.
Detection time: 23:27
Log file: b8827562-7e96-11ea-8322-dc5360bb7622.json

-Software data-
Version 4.1.0.56
Detection version: 1.0.867
Update version: 1.0.22250
License: Trial

-System info-
Operation system: Windows 8.1
Processor: x64
Filesystem: NTFS
User: System

-Ransomware details-
File: 1
Malware.Ransom.Agent.Generic, E:\P\P\Navi.exe, Blocked, 0, 392685, 0.0.0


(end)

So, big question :) How do I get ownership back on the file so that I could upload it here and/or to VirusTotal to check if it's OK or not :)

 

Thank you very much in advance.

TOO

 

P.S.: Where can I find that JSON file, btw :)))

Found the .json file and the hash:

https://www.virustotal.com/gui/file/36272495ea03ea81fc5c02d415a1aea06704f32fc2c8217f34700cbe52952103/detection

So it's a false positive, at least I think it is. :) Could I get my file back somehow, please :) Not that I need it that urgently (or at all, I have a backup etc... but .....:)) but it would be nice to know how to get it back :) You know, I'm more curious than concerned.... Or did I stumble on a new ransomware????? I think not, but let me know :)
  • Staff

It's an FP and has been fixed. To release the hold on the file you would have to reboot first; then, when Malwarebytes comes back up after the reboot, you should be able to restore it from quarantine.
