Jump to content

Recommended Posts

20 minutes ago, FailMelon said:

I cannot malwarebytes is preventing me from doing anything with it even on the exclusion list.

Quit Malwarebytes from the system tray and then you should be able to find and zip the file. It is a hidden folder do you will have to enable hidden files.

C:\ProgramData\Oracle\Java\javapath_target_1874761593\javaw.exe

Link to post
Share on other sites

After getting rid of 151 it happened again on my latest version, i don't think it is the file it seems like something at runtime is causing it which is resorting in java itself getting flagged?

Link to post
Share on other sites

I have the same Problem.
Suddenly, on Wednesday, I think, Malwarebytes startet to block javaw.exe as ransomware.
I switched OFF ransomware scanning till Friday.
Switched ransomware scanning ON again on Friday and Malwarebytes wasn't interested anymore in javaw.exe.
I thought, "ok, they updated scanning patterns, it was a false positive".
This morning Malwarebytes blocked javaw.exe as ransomware again.
After I updated Java Runtime to the latest version, there is silence again. I hope, it stays that way.

Link to post
Share on other sites

My hope is gone.
At this moment Malwarebytes blocked javaw.exe again.
I think it is not the java runtime, that causes this.
I'm running a tool, that monitors outgoing and incoming phonecalls, which uses the java runtime.
But I'm using this tool for years, and there was no change or update within the last weeks.
I will have to disable ransomware protection again.

Link to post
Share on other sites

To all posting about the issue. Be sure your Java is up to the latest version. If you do not have any software that requires it, Just uninstall it as it is a security risk.

It is the weekend and researchers might not be available until Monday to fix it.

It would also help if all here can zip up the affected file after a restart and attach it here.

 

Link to post
Share on other sites
51 minutes ago, RGuatta said:

It is the latest version.

Thanks for the file, The researchers might not see the post until Monday.

@cli

Link to post
Share on other sites
  • Staff

Thanks for providing the files, I whitelisted the file. If it is still detected, please add it to your allow list.

Link to post
Share on other sites

Same happened to me. javaw.exe signature seems okay, virustotal result is negative. For now I've added it to the allowlist for ransomware only.

It might be of interest that it only occours after ~30m - 2h of running, seemingly randomly.

Link to post
Share on other sites
  • Staff

Greetings, all affected customers in this topic. Could one or all of you please provide the logs as indicated below?

Can you please collect and upload as an attachment the diagnostic data using our MBST?

  • Download and run the Malwarebytes Support Tool
  • Accept the EULA and click Advanced tab on the left (not Start Repair)
  • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Thank you.

Link to post
Share on other sites
  • Staff

Thanks for the logs @CatPasswd!

It's of course your choice, but adding an exclusion from Ransomware only for this executable would keep your system safer, and should address the issue.

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_130862359\javaw.exe

https://support.malwarebytes.com/hc/en-us/articles/360038479234-Add-to-the-Allow-List-in-Malwarebytes-for-Windows-v4

Our developers will be investigating this issue.

Link to post
Share on other sites
  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.