Windows 10 Defender is reporting that an exe file has the Azden.B!cl virus, but Malwarebytes says the file is OK. How can I determine which is correct?

I am using Malwarebytes Premium 4.1.2 with all updates.

Thanks!

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    • Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

Thanks in advance for your patience.

-The Malwarebytes Forum Team

11 minutes ago, hamguy said:

but Malwarebytes says the file is ok. How can I determine which is correct?

There are items that Defender detects that Malwarebytes does not.

Malwarebytes does not target script files during a scan. That means MB will not target JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files: MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution only.

What type of file is it?


It is an ".exe" file - the newest version of VARA for digital HAM radio that all HAM radio operators in the world MUST update to by tomorrow, and only has been available in the last day or two. Hmmm, sounds like a made-for-hackers moment to me, so I didn't just bypass the warning and trust Malwarebytes. Just an hour ago, the creators of VARA verified that there is a problem with their ".exe" installation file, and they will be releasing a fix to it some time later today.

So, my question changes - Azden.B!cl is a serious ransomware threat; why did Malwarebytes not detect it? I attached the zip file that I downloaded which contains the new VARA installation file - so that you can inspect the ".exe" file (but don't run it!).

VARA HF v4.0.1 setup (do not install until June 30th)-1.zip

7 minutes ago, hamguy said:

why did Malwarebytes not detect it?

Creation Time 1992-06-19 22:22:17

https://www.virustotal.com/gui/file/e7618dd48b763bd7dcf60a8d85dbbcc7269ec17b6c8604a68c7321bdc699a60a/detection

The file is too old to be in the MB database.

And it was removed from Microsoft's database in the last 2 hours. Do a manual update for Defender.


I did a manual update earlier using CMD to "C:\Program Files\Windows Defender>mpcmdrun -SignatureUpdate". I tried that command again, and received a "No updates needed". I rebooted Windows 10 and tried running the ".exe" again with the same result. Since the Microsoft update is only 2 hours old, it may not have made it around the world to all of their CDN servers. So, I'll try the same thing again tomorrow. Please let me know if it sounds like I am doing things correctly.

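The checks discussed in the posts above, as an added PowerShell example that is not part of the original thread: confirm the local file's SHA-256 matches the one in the VirusTotal link, update the Defender signatures, rescan the file, and list what Defender has recorded for it. The file path is hypothetical, and the hash is assumed to be that of the unzipped .exe rather than the .zip.

```powershell
# Added example. Run in an elevated PowerShell session on Windows 10 with Defender enabled.
param(
    # Hypothetical location of the unzipped installer; change to the real path.
    [string]$Path = "$env:USERPROFILE\Downloads\vara-setup.exe",
    # SHA-256 taken from the VirusTotal URL posted in the thread
    # (assumed to be the hash of the unzipped .exe, not the .zip).
    [string]$ExpectedSha256 = 'e7618dd48b763bd7dcf60a8d85dbbcc7269ec17b6c8604a68c7321bdc699a60a'
)

# 0. Defender may already have quarantined the file, in which case there is nothing to hash.
if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found (possibly quarantined by Defender): $Path"
}

# 1. Make sure the local file is the one the VirusTotal report describes.
$actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
if ($actual -eq $ExpectedSha256) {
    "Hash matches the VirusTotal report: $actual"
} else {
    "Hash differs from the VirusTotal report: $actual (look this hash up separately)"
}

# 2. Record the signature version, force an update, and compare.
$before = Get-MpComputerStatus
Update-MpSignature
$after = Get-MpComputerStatus
"Signatures: $($before.AntivirusSignatureVersion) -> $($after.AntivirusSignatureVersion)"
"Last updated: $($after.AntivirusSignatureLastUpdated); engine $($after.AMEngineVersion)"
if ($before.AntivirusSignatureVersion -eq $after.AntivirusSignatureVersion) {
    "No newer definitions were available; a recent signature change may not have reached this machine yet."
}

# 3. Rescan only this file with the current definitions.
Start-MpScan -ScanType CustomScan -ScanPath $Path

# 4. List what Defender has recorded for this path, oldest first, with the
#    threat name, so earlier detections can be told apart from a fresh one.
$pattern = [regex]::Escape($Path)
Get-MpThreatDetection |
    Where-Object { $_.Resources -match $pattern } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected      = $_.InitialDetectionTime
            ThreatName    = $threat.ThreatName
            ActionSuccess = $_.ActionSuccess
        }
    }
```
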
51 minutes ago, hamguy said:

I did a manual update earlier using CMD to "C:\Program Files\Windows Defender>mpcmdrun -SignatureUpdate". I tried that command again, and received a "No updates needed". I rebooted Windows 10 and tried running the ".exe" again with the same result. Since the Microsoft update is only 2 hours old, it may not have made it around the world to all of their CDN servers. So, I'll try the same thing again tomorrow. Please let me know if it sounds like I am doing things correctly.

I just did a right click on the file you attached and I get no detection from Defender.


You should unzip the ".exe" file first to a safe place on your local hard drive, then do a right click, then select "Scan with Windows Defender". This is the result I see (shows 3 different scans I have run)

46 minutes ago, hamguy said:

You should unzip the ".exe" file first to a safe place on your local hard drive, then do a right click, then select "Scan with Windows Defender". This is the result I see (shows 3 different scans I have run)

I did that. (Not my first BBQ.)


OK, I'm puzzled. Must be something wrong with my use of/or version of Windows Defender. Thank you for checking it out for me.

Just now, hamguy said:

Must be something wrong with my use of/or version of Windows Defender

What version of 10 are you on?


I am running Version 10.0.18363 Build 18363, and have seen advice to NOT update to the latest version of Windows 10 which apparently has serious bugs.

40 minutes ago, hamguy said:

and have seen advice to NOT update to the latest version of Windows 10 which apparently has serious bugs.

Some have issues and some don't. It is the song and dance every 6 months. I am fully up to date with 2004. Defender seems to get better with every feature upgrade.

I and 62 of my clients run 2004 with no issue. Getting ready to do 63 and 64 tomorrow. I do some serious prep before upgrade and also do an Image of the computer before just in case.
