chinook9

Chrome Browser Treated as Ransomware


Malwarebytes Premium (latest) shuts down my Chrome browser version 83.0.4103.116 as though it is ransomware.  This happens daily and has happened twice today.  Following is one of the reports.  The others are identical:

-Log Details-
Protection Event Date: 6/28/20
Protection Event Time: 7:11 PM
Log File: e053f7d0-b9ad-11ea-a5a1-408d5c59000d.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26127
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 3
Malware.Ransom.Agent.Generic, C:\Users\Brian2012\Desktop\new_chrome - Shortcut.lnk, Blocked, 0, 392685, 0.0.0
Malware.Ransom.Agent.Generic, C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe, Blocked, 0, 392685, 0.0.0
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, 0, 392685, 0.0.0


(end)
 


Forgot to mention that  rebooting solves the problem temporarily.

Also, I'm running Chrome in Sandboxie.

1 hour ago, chinook9 said:

Version: 4.1.0.56
Components Version: 1.0.955

Do a manual check for updates as there is a new released version. See if that helps.

 


Thank you.  Update done!

It was set to be updated automatically but had not happened.

Thank you. I'll report back if not fixed.

 

53 minutes ago, chinook9 said:

It was set to be updated automatically but had not happened.

The company has program updates pushed through the normal updater (the one that checks for database updates) metered in such a way that it is throttled so not every user is offered the new build once it has been released, so it becomes a matter of probability and is somewhat random.  This means that you might be offered it early, or it might take a really long time before it is offered to you, it just all depends.  Basically a luck of the draw kind of deal.


After the updates still have the problem. Crashed twice in the last 24 hours. 

Here are both reports:

-Log Details-
Protection Event Date: 6/30/20
Protection Event Time: 7:23 PM
Log File: cb770376-bb41-11ea-be4c-408d5c59000d.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.972
Update Package Version: 1.0.26213
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, 0, 392685, 0.0.0

 

-Log Details-
Protection Event Date: 7/1/20
Protection Event Time: 9:03 AM
Log File: 70ac6756-bbb4-11ea-ac0f-408d5c59000d.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.972
Update Package Version: 1.0.26245
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, 0, 392685, 0.0.0

Any chance reinstalling Chrome would make a difference?

Any help would be appreciated.  
 

59 minutes ago, chinook9 said:

Any chance reinstalling Chrome would make a difference?

Any help would be appreciated.  

 

22 hours ago, chinook9 said:

Also, I'm running Chrome in Sandboxie.

This could be the issue. Does it happen when you run it normally?

15 minutes ago, chinook9 said:

It also happens when running outside the sandbox.

I am going to get your topic moved to the correct section for more assistance. While we wait, please do the following.

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support xxx.xx.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

7 minutes ago, chinook9 said:

Logs file is attached.mbst-grab-results.zip

Thanks. The only suggestions I have are the following. I also want to have your topic moved so it can be investigated as a False Positive.

I suggest turning off fast startup in Windows. Then restart.

https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html

 

I would also recommend creating exclusions between Malwarebytes and your AV to help prevent any possible conflicts or performance issues.  Please add the items listed in this support article to your AV's allow list(s)/trust list(s)/exclusion list(s), particularly for any of its real-time protection components, and likewise add your AV's program folder(s) (likely located under C:\Program Files and/or C:\Program Files (x86)) to Malwarebytes' Allow List using the method described under the Allow a file or folder section of this support article, and do the same for its primary data folder, which is likely located under C:\ProgramData (you may need to show hidden files and folders to see it).

1 hour ago, Porthos said:

Thanks. The only suggestions I have are the following. I also want to have your topic moved so it can be investigated as a False Positive.

I suggest turning off fast startup in Windows. Then restart.

https://www.tenforums.com/tutorials/4189-turn-off-fast-startup-windows-10-a.html

 

I would also recommend creating exclusions between Malwarebytes and your AV to help prevent any possible conflicts or performance issues.  Please add the items listed in this support article to your AV's allow list(s)/trust list(s)/exclusion list(s), particularly for any of its real-time protection components, and likewise add your AV's program folder(s) (likely located under C:\Program Files and/or C:\Program Files (x86)) to Malwarebytes' Allow List using the method described under the Allow a file or folder section of this support article, and do the same for its primary data folder, which is likely located under C:\ProgramData (you may need to show hidden files and folders to see it).

Will do.

 

Thank you very much.


Can you please attach this file so we can see what may be going on?

Thanks.

C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG


shadowwar

Cannot upload .bk1 file and cannot zip anything.  Using 7-Zip I get an "access is denied" message.

 


You may have to shut down Malwarebytes from the system tray to zip the file. After you attach it here, you can re-enable Malwarebytes. The Malwarebytes self-protection is not allowing changes in that directory.


Hi @Chinook,

Thank you for the logs.

  • Could you provide more detail on what you are specifically doing with Chrome when the block occurs?
  • Is it a consistent set of actions that result in the block occurring?
  • If you launch Chrome without extensions or plugins loaded, does the issue still occur?
    • Close all instances of Chrome.
    • Press the Windows Key + R on your keyboard at the same time and enter: Chrome.exe --disable-extensions --disable-plugins


Please do the following:

  • Download and run Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
  • Reproduce the Chrome block.
  • Stop the Process Monitor capture (File -> click "Capture Events" to remove the checkmark).
  • Save the output (File -> click "Save..."), zip it up, upload to a file hosting service of your choice (WeTransfer.com, Google Drive, OneDrive, etc) and share the download link.
  • Rerun the Malwarebytes Support Tool, gather logs and attach the new mbst-grab-results.zip.
Edited by LiquidTension


I started running Process Monitor this morning.  After a few hours my computer crashed.  I rebooted and started process monitor again.  While I was away from the PC eating dinner, the browser and Process Monitor both crashed.  Malwarebytes does not show the ransomware/Chrome problem in the log all day. 

I could not determine if Process Monitor had saved logs from the two times when it crashed.

Have started process monitor again.

 


Just had the "ransomware" problem but I could not remember everything to do.  I saved the Process Monitor file but did not uncheck "Capture Events".  Also didn't run the Malwarebytes tool.

Process monitor is running now.  I will get it right.


Didn't have any problem yesterday except Process Monitor crashed twice.  


Yesterday I had a problem with my display.  I found that my display adapter driver was out of date.  After updating this driver I have not had any problems at all.

I will post again if I have any more problems with the Chrome/ransomware crash.

Your help is really appreciated.


What GPU do you have?  I'd like to know in case other users see this issue and in case it is something Malwarebytes might need to look into on their end.


Well, it turns out that I still have the problem.  I did not have Process Monitor running but I will start it again.

Malwarebytes recorded the same ransomware message as previously:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/8/20
Protection Event Time: 4:25 PM
Log File: 4c68a882-c172-11ea-8108-408d5c59000d.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.972
Update Package Version: 1.0.26585
License: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, 0, 392685, 0.0.0


(end)

The GPU is the onboard graphics Gigabyte H170N-WiFi motherboard using i3-6100.

I expect I will have a crash in the next couple of days.

 

 

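For anyone lining up several of these pasted reports when filing a false-positive case, the following added example (not Malwarebytes code and not written by anyone in this thread) parses the text layout shown in the posts above and lists which product builds blocked the same file. The function names are hypothetical, and the three trailing fields on each detection row are not named on the page, so they are kept as opaque strings.

```python
import re
from collections import defaultdict

# Sample input: two reports trimmed from those quoted in the thread.
SAMPLE = r"""-Log Details-
Protection Event Date: 6/28/20
Version: 4.1.0.56
Components Version: 1.0.955
-Ransomware Details-
File: 3
Malware.Ransom.Agent.Generic, C:\Users\Brian2012\Desktop\new_chrome - Shortcut.lnk, Blocked, 0, 392685, 0.0.0
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, 0, 392685, 0.0.0
Log Details-
Protection Event Date: 7/8/20
Version: 4.1.2.73
Components Version: 1.0.972
-Ransomware Details-
File: 1
Malware.Ransom.Agent.Generic, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, 0, 392685, 0.0.0
"""

def parse_reports(text):
    """Split pasted reports into events: header fields plus detection rows."""
    events = []
    # Tolerate a lost leading dash on the "Log Details" marker (copy/paste damage).
    for chunk in re.split(r"(?m)^-?Log Details-\s*$", text):
        ev = {"detections": []}
        for line in chunk.splitlines():
            parts = line.strip().split(", ")
            if len(parts) >= 6:
                # name, path (may itself contain ", "), action, then three
                # unnamed trailing fields kept as-is
                ev["detections"].append({"name": parts[0], "path": ", ".join(parts[1:-4]),
                                         "action": parts[-4], "extra": tuple(parts[-3:])})
            elif ": " in line and not line.startswith("-"):
                key, value = line.split(": ", 1)
                ev[key.strip()] = value.strip()
        if ev["detections"]:
            events.append(ev)
    return events

def builds_per_detection(events):
    """Map (name, lower-cased path) -> sorted (Version, Components Version) pairs."""
    seen = defaultdict(set)
    for ev in events:
        build = (ev.get("Version", "?"), ev.get("Components Version", "?"))
        for d in ev["detections"]:
            seen[(d["name"], d["path"].lower())].add(build)
    return {key: sorted(builds) for key, builds in seen.items()}
```

A file that keeps being blocked under the same detection name across several builds, as chrome.exe is here, is the pattern worth pointing out in a false-positive report.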
