Jump to content
PharmaBoy

Office - false positives for Word and Office

Recommended Posts

All - I got several "ransom.ware.generic" errors starting on ~25 June for Word and Outlook.  I submitted a request on 26 June - no answer.  I'm not sure what 'normal' is as to replies.

Is anyone able to advise me if these are truly false positives?  And if they have been resolved?  Thank you. 

Share this post


Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Malwarebytes protected you from from an attack of Ransomware .

https://blog.malwarebytes.com/detections/malware-ransom-agent-generic/

===

For your peace of mind or if you have issues with your computer we can check it further.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please Attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section in the bottom of the topic Select Click the Choose a File.
Navigate to the location of the File.
Click the file. It will appear in section.
Click the Saving button.

Please attach the log for my review.

Wait for further instructions
====

Share this post


Link to post
Share on other sites

Nasdaq - many thanks.  I downloaded and ran that program.  There was no "Fixit" file. I did not see any obvious problems in the logs.   (Not sure how confidential this forum is  - so didn't upload the details logs).  I also uploaded Malwarebytes and ran another scan.  Nothing found.   Do you think I can safely assume this was a false positive previously?  Thanks. 

Share this post


Link to post
Share on other sites
Posted (edited)

Hi,

If you executed the Farbar program and post the logs we have requested we will peruse them.

If malware is found we will provide you with a Fixlist.txt.

If your computer is running well then no apparent damage was cause.

You can honestly trust this Forum and the helpers.

All have been trained and qualified to help.

Your call if you want me to check your logs.

 

 

 

Edited by nasdaq

Share this post


Link to post
Share on other sites

Hi,

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Share this post


Link to post
Share on other sites

This is a known issue at the moment, that is being worked on. Please see 

 

 

Share this post


Link to post
Share on other sites

All - I think I am involved in two different posts about this same issue - "false positive" ransome.ware generic for Word, Outlook, and now WinZip.  I've run the suggested fixlist and rebooted.  I guess that feedback will be no news is good news - i.e., no more false positives.  

Share this post


Link to post
Share on other sites

Not sure if I am replying on the correct thread.  FYI, Upgraded to the beta as recommended on 3July.  Unfortunately, I had a ransome.ware detection that shut down word today.  So I suggest it did not work as intended. 

Share this post


Link to post
Share on other sites

Sorry for the delay - work issues.  I updated Malwarbytes, and removed the Office folder from the "allow list".  I've now used the machine for >= 24 hours, and no detection problems.  Note that I was never able to find a virus using Malwarebytes or any other program.  So...cross my fingers...it's seems your program updates have helped with the false positive issue.  Thank you for your efforts. 

Share this post


Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.