
MBAM persistently finds ransomware in Firefox.exe


OldGrantonian


This post reports exactly the same MBAM issue with Firefox as my other recent post, which refers to Chrome:

https://forums.malwarebytes.com/topic/261606-mbam-persistently-finds-ransomware-in-chromeexe/

The above thread was closed when I said that I had no more problems. In fact, the problem re-occurred later with Chrome, so I've changed my browser to Firefox. (I've been planning to change to FF even before this MBAM issue.)

But now exactly the same problem has occurred with FF, hence this new post. I've already done the work, so this post is only for record purposes to help the folks on this forum.

Here's the current FF status:

I have carried out exactly the same troubleshooting as for Chrome:

 - Scan with the online ESET scanner
 - Scan with Kaspersky Virus Removal Tool (KVRT)

Both tools showed no issues.

I've now been asked by MBAM Help Desk to run FF outside Sandboxie (which I normally use), to determine whether the problem lies with SB.

I'm not comfortable running outside SB on behalf of MBAM Help Desk. They will have massive quarantine facilities and hundreds of standalone servers for testing Firefox+Sandboxie. I have only one laptop.

Here's my current plan of action.

I always have my data files backed up (1) in the cloud, and (2) on an external hard drive. My system is backed up with Macrium images.  

So, I have added Chrome and Firefox to the MBAM "Allow List".

If I have a ransomware attack due to the Allow List, I'm well prepared to restore my system quickly. If that happens, I'll post on one of the forums frequented by @bo elam - the #1 Sandboxie guru and ask for his opinion regarding SB+FF.

BTW: @bo elam hangs out on TenForums Security and Wilders Security forums.

Thanks.


Just an update to help any users who might have ransomware problems with Firefox or Chrome.

  (1) I've had no problems with ransomware since I added the following EXE files to the MBAM "Allow List":

 - chrome.exe
 - firefox.exe
 - plus many others as in the screenshots

 (2) Before adding these two files, my browser terminated abnormally 2-3 times per day.

Here's how someone with my simple mind interprets the results of these tests.

 - Assume that the ransomware problem with the EXE files is GENUINE.
 - Then test (2) above is behaving correctly (assuming that throwing the user out of the browser is Working As Designed).
 - Therefore my laptop should now be unusable, and I should be receiving requests from the ransomware developer for money.
 - But my laptop is fine, and I've had no requests.
 - Therefore, THERE IS NO RANSOMWARE.

Thanks.

2020-08-07 10_28_23-Malwarebytes Premium  4.1.2.png

2020-08-07 10_29_11-Malwarebytes Premium  4.1.2.png

2020-08-07 10_29_56-Malwarebytes Premium  4.1.2.png


  • Root Admin

I would highly suggest to anyone that you do not try adding Firefox or Chrome to your Allow list as this will greatly reduce the security of your system.

I'm not sure why but only your system and one other that I'm aware of are experiencing this issue.

Please work with @LiquidTension for help in resolving the issue in a safe manner.

Thank you

 

 

 
