Jump to content

A client reported your software flagged our software as ransomeware


mchenrysoftware
 Share

Recommended Posts

  • Staff

Hi,

Please zip and attach the medit3dv2.exe file, so we can have a look, as we can't do much at all with a screenshot.

Also, the detection log where the detection is displayed would be needed, as this log contains additional info we need.

Thanks!

Edited to add, we have fixed an FP with this earlier today already. So this might have been fixed already. Please ask your client if they are still getting a detection on this.

Thanks!

malware false positive.png

Edited by miekiemoes
Link to post
Share on other sites

oh yes i see (ability in a forum to send private file)

i will wait to hear form the client. it isn't that large a file (5 megs?) (oh and how we change...i've been in the business a while so seeing the exponential growth of capacity, particularly in wireless (i'm from a long while back 600/1200 baud modem daze! YIKES!)

Our updates sometimes we miss digitally signing  a file. If that tells you it isn't digitally signed then it may not have been.

(we try to be sure ALL files are digitally signed but sometimes in the rush to get things out we miss one or two)

Thanks for the heads up and i will let you know resolution or will send file if not resolved with your update today.

(waiting to hear back from client)

Thanks!

 

Brian

 

 

Link to post
Share on other sites

  • Staff

Thanks, Brian.

Yes, I understand that files are occasionally not digitally signed especially when in a rush to have a new version released. :) 

In either way, I'll await your response, when your client gets back to you. I might not be able to respond today, as I am in the European timezone, but a colleague might take over.

Or it has to wait until tomorrow. :) But I'm quite sure this has been fixed already.  

Link to post
Share on other sites

hello

he sent this and mentioned he already OKd the file so no further issues

if you could check and see whether you need the exe

guess it's late in Europe! enjoy the night!

brian

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/30/20
Protection Event Time: 5:39 AM
Log File: 5a0df03a-32f8-11eb-b1a8-00a0cc5ef683.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33644
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 6
Malware.Ransom.Agent.Generic, d:\Users\shans002\Desktop\MEdit3D.lnk, Quarantined, 0, 392685, 0.0.0, C50EE4BE2BFEC6BF315D63F1356B04A9, 6D2C4E1B5519BDF1D0B99E6530F1C65C3243D53B2FB3F0EEB4EEE966B7D8BD32
Malware.Ransom.Agent.Generic, D:\USERS\SHANS001-BACKUP\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MSoft Msmac3D.lnk, Quarantined, 0, 392685, , ,
Malware.Ransom.Agent.Generic, D:\USERS\SHANS002\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MSoft Msmac3D (2).lnk, Quarantined, 0, 392685, , ,
Malware.Ransom.Agent.Generic, D:\USERS\SHANS002\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\TaskBar\MSoft Msmac3D.lnk, Quarantined, 0, 392685, , ,
Malware.Ransom.Agent.Generic, C:\MSoft3D\MEDIT3~1.EXE, Quarantined, 0, 392685, 0.0.0, A7FAC07ED174DEAADA27347A26785F75, 404F37FAF864D2007765A59774953989BB0EE419CF400B32B1C166381E450590
Malware.Ransom.Agent.Generic, C:\MSoft3D\medit3dv2.exe, Quarantined, 0, 392685, 0.0.0, a7fac07ed174deaada27347a26785f75, 404f37faf864d2007765a59774953989bb0ee419cf400b32b1c166381e450590


(end)

Link to post
Share on other sites

thank you! here was another one that came up this afternoon on the clients computer. it may be yet another false positive (note last entry)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/30/20
Protection Event Time: 3:48 PM
Log File: 6f5b1e18-334d-11eb-80c8-00a0cc5ef683.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.33662
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Ransomware Details-
File: 6
Malware.Ransom.Agent.Generic, d:\Users\shans002\Desktop\M3DGraphics.lnk, Quarantined, 0, 392685, 0.0.0, 4A001F53D5756C2B57708E39AE77D3A2, B000D386B99F70C31522AA57E1CD6DEC566929614FE19F19394BBBF89713B677
Malware.Ransom.Agent.Generic, D:\USERS\SHANS001-BACKUP\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\StartMenu\McHenry3DGraphics.lnk, Quarantined, 0, 392685, , ,
Malware.Ransom.Agent.Generic, D:\USERS\SHANS002\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\User Pinned\StartMenu\McHenry3DGraphics.lnk, Quarantined, 0, 392685, , ,
Malware.Ransom.Agent.Generic, C:\MSoft3D\MCHENR~1\MCHENR~1.EXE, Quarantined, 0, 392685, 0.0.0, 1358D71E0DB9AE9158AA35CDFF643A9A, 78058CA96F5C2DEEF06D96C5AFF5EF4F6C9902FC90A9B5BAF03FFF159DC74594
Malware.Ransom.Agent.Generic, C:\MSoft3D\McHenry3DGraphics\MCHENR~1.EXE, Removal Failed, 0, 392685, 0.0.0, 1358D71E0DB9AE9158AA35CDFF643A9A, 78058CA96F5C2DEEF06D96C5AFF5EF4F6C9902FC90A9B5BAF03FFF159DC74594
Malware.Ransom.Agent.Generic, C:\MSoft3D\McHenry3DGraphics\McHenry3DGraphics.exe, Quarantined, 0, 392685, 0.0.0, 1358d71e0db9ae9158aa35cdff643a9a, 78058ca96f5c2deef06d96c5aff5ef4f6c9902fc90a9b5baf03fff159dc74594


(end)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.