Stuart1974 Posted November 17, 2020 ID:1421497 Share Posted November 17, 2020 Malwarebytes was doing its routine nightly scan and came up with a trojan downloader for something do with winrar I was just wondering if it is something i need to worry about scan result attached https://gyazo.com/f757077430fe1a4f1c1478afa7204b86 scan report.txt Link to post Share on other sites More sharing options...
Stuart1974 Posted November 17, 2020 Author ID:1421502 Share Posted November 17, 2020 I forgot to add the logs i got from the Malwarebytes Support Tool they are attached below mbst-grab-results.zip Link to post Share on other sites More sharing options...
ishemhazai Posted November 17, 2020 ID:1421519 Share Posted November 17, 2020 Hi all, first time posting Logged on today & malwarebytes instantly popped up informing me that I had a potential threat- an item within winrar labelled as a trojan.downloader and named default.sfx. Got disposed of quickly and as it had an update, updated Malwarebytes. I've instantly ran a scan from both Malwarebytes Premium and Avast Premium and (although not finished) Malwarebytes has detected a PUP.Optional.Slimware located in C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2010.22653.0_x64__8wekyb3d8bbwe named Win32Bridge.Server.exe. I used TotalVirus online to check it and there's 0/72 for both the exe and the root folder. I didn't get a chance to scan the other one using TotalVirus as I saw the word Trojan, panicked and deleted it when it got quarantined. Is it possible they're both false positives or have I actually been infected? What do I need to do next, fresh install..or? Many thanks for taking the time to read this, ishemhazai Link to post Share on other sites More sharing options...
ishemhazai Posted November 17, 2020 ID:1421536 Share Posted November 17, 2020 Hey mate, I just made a post about this exact problem. Not sure what I've done to trigger it but I got the exact same warning. Beginning to think it's a false positive, not sure why they pop up from time to time with seemingly no provocation though. Why now? Why not a few days ago? 1 Link to post Share on other sites More sharing options...
Stuart1974 Posted November 17, 2020 Author ID:1421537 Share Posted November 17, 2020 1 minute ago, ishemhazai said: Hey mate, I just made a post about this exact problem. Not sure what I've done to trigger it but I got the exact same warning. Beginning to think it's a false positive, not sure why they pop up from time to time with seemingly no provocation though. Why now? Why not a few days ago? this popped up for me after i used winrar to unrar a log file from my own server so not sure how it is a trojan. I did find that this has been an issue for winrar at least since 2013 when i found this posthttps://support.pandasecurity.com/forum/viewtopic.php?t=5977 Link to post Share on other sites More sharing options...
ishemhazai Posted November 17, 2020 ID:1421538 Share Posted November 17, 2020 I used winrar last night while downloading a zip and extracting it, but it didn't pop up last night, only when I started my PC today. Yeah I found that post too, better to be safe than sorry though eh? Link to post Share on other sites More sharing options...
Stuart1974 Posted November 17, 2020 Author ID:1421539 Share Posted November 17, 2020 Not trying to hijack this thread but seems its not an isolated issue I also have had the same thing pop up refer to my thread here 1 Link to post Share on other sites More sharing options...
ishemhazai Posted November 17, 2020 ID:1421540 Share Posted November 17, 2020 Yeah, I just commented on your thread Link to post Share on other sites More sharing options...
Root Admin Solution AdvancedSetup Posted November 17, 2020 Root Admin Solution ID:1421556 Share Posted November 17, 2020 Topics have been merged. This was a False Positive. Please update Malwarebytes and it should no longer be detected Thank you 2 Link to post Share on other sites More sharing options...
Stuart1974 Posted November 18, 2020 Author ID:1421700 Share Posted November 18, 2020 Can mark this topic as solved thanks again for the prompt reply Link to post Share on other sites More sharing options...
Recommended Posts