MobaXterm Malware.Generic.874958581 ?

[biomembrain]

I got a notification from Malwarebytes while running MobaXterm. The program is free, and you can download it to see. I got the notification while trying to run a new connection.

Is this a false positive?

[biomembrain]

I don't know if it has been fixed already. It seems like it may have been a false positive. I figured this out yesterday.

[shadowwar]

please post a log showing the detection.

Thanks.

[biomembrain]

Here's the log showing the detection.

log_moba.txt

[shadowwar]

 i installed from the website and i dont get that file in the install. Can you please zip and attach this file?

 

C:\Users\admin\Documents\MobaXterm\slash\bin\busybox.exe

or go to virustotal.com

upload that file and let it scan

then paste the link to the report here.

 

 

Edited May 31, 2020 by shadowwar

[biomembrain]

I deleted it from Quarantine, the same day. However, I remember how it happened. I pressed the button, start a new connection, in the middle of the MobaXterm program. I only used the program a couple of times, and that's how it happened. Yea, I remember pressing that button, when it happened. Maybe restarting the computer, and relaunching the program does something... I am not sure.

Other users reported the same issues with MobaXterm, and it's in this False Positive forum. I am not sure what others concluded.

Thanks for your help @shadowwar. Have nice food, and nice drinks. You deserve the best. Thank you.  ( ˘▽˘)っ tea, coffee, water, juice,.

[biomembrain]

On 5/28/2020 at 12:43 PM, emptyramenbx said:

Hi y'all!

I've been working with MobaXTerm with sometime. I use it to connect to my local media server. 
I was attempting to organize my files today in the middle of one of the scans, when I saw that Malwarebytes reported something "MXT" on Quarantine.
I quarantined it and did not care. Currently performing a system-wide scan, but I remembered that MXT can be MobaXTerm. Guess I was right, because something called bin/bash was quarantined.
Is this is a false positive? Just for some information: I do have some scripts on the server to facilitate the process of organizing files on the remote machine.
If I execute a bash script on this machine, can the Malwarebytes scan be impacted? Thanks.

 

This topic has the suspected files.

[biomembrain]

Post name:

False Positive on MobaXTerm?

[shadowwar]

i really need the files to fix this as when i install it here i dont get those files.

 

[biomembrain]

I am going to try to get the same result, and get the file, that was in the file detection.

[biomembrain]

Okay, I deleted the 'first setup files' for MobaXTerm... and then I reinstalled it. So it's like a new fresh install.

busybox.exe is in the MobaXterm folder, in the Documents directory. I double clicked busybox.exe, and Malwarebytes didn't detect anything.

Yea, I installed the non-portable version of MobaXterm, the right download button. If you search busy in Windows Explorer while in: Documents --> MobaXTerm folder. You should be able to find this file.

[biomembrain]

I uploaded the file on Virustotal, and it didn't detect anything.

[shadowwar]

can you provide the virustotal link.

 

[biomembrain]

https://www.virustotal.com/gui/file/a6789392282fb826d68ab94d95153507ca503c5a6a1c300db7565073bcaef29e/detection

[shadowwar]

Confirmed this file was whitelisted on may 28th